Re: SSL problems in woody (slapper)
On Friday, 2002-09-20 at 09:18:44 +0200, Bjarne Østby wrote:
> /home/bjarne# ./ssl-test xxx.xxx.xxx.31
> xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)
> I checked the apache prosess on the server after I ran the test. It had not crashed.
> Is it only the child prosess that terminates?
It is the connection that crashes, i.e. is not properly shut down with
the SSL protocol. 0.9.6g does that.
> According to the the makers of openssl-sslv2-master the version returned
> is guessed from how the server responds to the probe. Does this mean
> that 0.9.6c-2.woody.1 -> 0.9.6e?
0.9.6c-2.woody.1 behaves like 0.9.6e in this by terminating the
connection hard instead of sending an error message.
> On a side note.
> I wonder about curl-ssl and libssl09. Are they made redundant by libssl0.9.6?
For libssl09, I found no packages in sarge that depend on it.
And curl-ssl's Description in sarge says:
Description: Pseudopackage for migration from Debian 2.2 (potato).
I checked woody, same situation.
So unless you are running potato, you can remove both packages.
| firstname.lastname@example.org | http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be |
| unsinkable. The designer had a speech impediment. He said: "I have |
| thith great unthinkable conthept ..." |