[Pkg-openssl-devel] Bug#557261: Bug#557261: libssl0.9.8: Updating from version k-5 to k-6 breaks client auth with stunnel4
Kurt Roeckx
kurt at roeckx.be
Sat Nov 21 08:38:20 UTC 2009
On Fri, Nov 20, 2009 at 08:25:02PM +0000, Dick Middleton wrote:
> Package: libssl0.9.8
> Version: 0.9.8k-5
> Severity: important
>
>
> I've just updated my 'sid/unstable' system and found stunnel4 can no
> longer do its client certificate auth with apache connecting with ssl
> on port https/443.
>
> Apache reports:
> Re-negotiation handshake failed: Not accepted by client!?

The change in -6 disabled renegotiation because it happens in
an insecure way. Since you're talking to an apache server,
I would suggest you talk to the administrator to set up his
website so that it doesn't require renegotiation. I understand
that this requires that the whole server or virtual server needs
to be configured to accept the client certificate.

Kurt
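
The server-side change suggested above, sketched as mod_ssl configuration. This is an added example, not part of the original message; the hostname and file paths are placeholders, and the two blocks are the before and after of one virtual host, not meant to be loaded together.

```apache
# BEFORE: client certificate demanded for one path only.
# The initial handshake finishes without a certificate request, so when a
# request for /secure/ arrives mod_ssl has to renegotiate to ask for one.
# A client whose libssl has renegotiation disabled refuses, and Apache logs
# "Re-negotiation handshake failed: Not accepted by client!?".
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example-server.pem
    SSLCertificateKeyFile /etc/ssl/private/example-server.key
    SSLCACertificateFile  /etc/ssl/certs/example-client-ca.pem

    <Location /secure/>
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>
</VirtualHost>

# AFTER: client certificate demanded for the whole virtual host.
# The certificate request is part of the first handshake, so no
# renegotiation is needed. Every client of this virtual host must now
# present a certificate issued under the configured CA.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example-server.pem
    SSLCertificateKeyFile /etc/ssl/private/example-server.key
    SSLCACertificateFile  /etc/ssl/certs/example-client-ca.pem

    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>
```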