[New-bugs-announce] [issue15549] openssl version in windows builds does not support renegotiation
Cory Mintz
report at bugs.python.org
Fri Aug 3 17:09:36 CEST 2012
New submission from Cory Mintz:
The Python 2.7.3 and 2.6.8 Windows builds are both built against "OpenSSL 0.9.8l 5 Nov 2009".
This specific version of OpenSSL had renegotiation removed due a security vulnerability. Except from http://svn.python.org/projects/external/openssl-0.9.8x/NEWS.
Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
...
o Support for RFC5746 TLS renegotiation extension.
...
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
o Temporary work around for CVE-2009-3555: disable renegotiation.
Can the OpenSSL version be updated to at least OpenSSL 0.9.8m so renegotiation is supported?
----------
components: Windows
messages: 167336
nosy: cory.mintz
priority: normal
severity: normal
status: open
title: openssl version in windows builds does not support renegotiation
type: enhancement
versions: Python 2.6, Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15549>
_______________________________________
More information about the New-bugs-announce
mailing list