Message167336
The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009".
This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS.
Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
...
o Support for RFC5746 TLS renegotiation extension.
...
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
o Temporary work around for CVE-2009-3555: disable renegotiation.
Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported? |
|
Date |
User |
Action |
Args |
2012-08-03 15:09:36 | cory.mintz | set | recipients:
+ cory.mintz |
2012-08-03 15:09:36 | cory.mintz | set | messageid: <1344006576.37.0.61147044371.issue15549@psf.upfronthosting.co.za> |
2012-08-03 15:09:35 | cory.mintz | link | issue15549 messages |
2012-08-03 15:09:34 | cory.mintz | create | |
|