Author christian.heimes
Recipients christian.heimes, chuq, njs
Date 2017-12-10.11:13:58
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1512904438.99.0.213398074469.issue32257@psf.upfronthosting.co.za>
In-reply-to
Content
Apache mod_ssl implements CVE-2009-3555 by carefully tracking renegotiation state through-out the code base and a custom IO layer that refuses IO when the reneg_state becomes invalid.

[1] https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_private.h#L502-L513
[2] https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_io.c#L202-L250
History
Date User Action Args
2017-12-10 11:13:59christian.heimessetrecipients: + christian.heimes, njs, chuq
2017-12-10 11:13:58christian.heimessetmessageid: <1512904438.99.0.213398074469.issue32257@psf.upfronthosting.co.za>
2017-12-10 11:13:58christian.heimeslinkissue32257 messages
2017-12-10 11:13:58christian.heimescreate