Message 167336 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	cory.mintz
Recipients	cory.mintz
Date	2012年08月03日.15:09:34
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1344006576.37.0.61147044371.issue15549@psf.upfronthosting.co.za>

Content
The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009". This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS. Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: ... o Support for RFC5746 TLS renegotiation extension. ... Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: o Temporary work around for CVE-2009-3555: disable renegotiation. Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported?

Content

The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009".
This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS.
 Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
 ...
 o Support for RFC5746 TLS renegotiation extension.
 ...
 Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
 o Temporary work around for CVE-2009-3555: disable renegotiation.
Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported?

History
Date	User	Action	Args
2012年08月03日 15:09:36	cory.mintz	set	recipients: + cory.mintz
2012年08月03日 15:09:36	cory.mintz	set	messageid: <1344006576.37.0.61147044371.issue15549@psf.upfronthosting.co.za>
2012年08月03日 15:09:35	cory.mintz	link	issue15549 messages
2012年08月03日 15:09:34	cory.mintz	create

homepage