slesp3-compat-openssl097g

Security update for OpenSSL

Security update for OpenSSL

The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. Please note that renegotiation will be disabled by this update and may cause problems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4) security compat-openssl097g x86_64 21ecc33d27e4adc9322e4c9de7a1c91b3044b3f4 compat-openssl097g-32bit x86_64 863a7d87c0c0c312bf0fa8ec7ff597fcf1a1bbaf