Project

General

Profile

Bug #2491

setting for client side renegotation seems without effect

Added by darix over 3 years ago. Updated over 3 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
2013-06-29
Due date:
% Done:

100%

Missing in 1.5.x:
No

Description

also ... that setting is a double negative. ... maybe we should rename it and issue a warning when someone still uses the old name.

Associated revisions

Revision 6d4d2118 (diff)
Added by stbuehler over 3 years ago

[ssl] accept ssl renegotiations if they are not disabled (fixes #2491)

  • don't fiddle with ssl internals
  • renegotiations should be safe with recent openssl versions,
    openssl itself should reject unsafe renegotiations

From: Stefan Bühler <>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2890 152afb58-edef-0310-8abb-c4023f1b3aa9

Revision 2890 (diff)
Added by stbuehler over 3 years ago

[ssl] accept ssl renegotiations if they are not disabled (fixes #2491)

  • don't fiddle with ssl internals
  • renegotiations should be safe with recent openssl versions,
    openssl itself should reject unsafe renegotiations

From: Stefan Bühler <>

History

#1 Updated by stbuehler over 3 years ago

  • Target version set to 1.4.33

#2 Updated by stbuehler over 3 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2890.

Also available in: Atom