Updates on OpenSSL CVE-2009-3555 (client renegotiation)

There is some news from the OpenSSL CVE-2009-3555 front (see this and this for the history).

The latest version of Apache mod_ssl (2.2) now includes an option to re-enable the old style of client renegotiation:

SSLInsecureRenegotiation on

Check the official documentation for more details. With this option activated, you can now safely upgrade OpenSSL and mod_ssl without breaking your clients. They should have done it from the beginning, shouldn’t they?

The next step will be to move to the new protocol permanently, which solves the CVE-2009-3555 vulnerability for good. For that we have to wait for the browsers to support it.
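Since the option is a compatibility switch that brings back the old renegotiation behaviour, it helps to know exactly where it is still enabled. The following is an added example, not code from the original post or from the Apache project: a Python sketch that scans Apache configuration text and reports every scope in which SSLInsecureRenegotiation resolves to "on". The sample configuration, host names and function name are constructed; it assumes a single file (Include directives are not followed) and that a virtual host inherits the server-level value when it does not set the directive.

```python
import re
# Constructed sample configuration, not taken from the original post.
SAMPLE_CONF = """\
SSLInsecureRenegotiation off
<VirtualHost *:443>
    ServerName legacy.example.test
    SSLInsecureRenegotiation on
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.test
    # SSLInsecureRenegotiation on
</VirtualHost>
<VirtualHost *:8443>
    sslinsecurerenegotiation ON
    ServerName api.example.test
</VirtualHost>
"""

def audit_renegotiation(conf_text):
    """Return [(scope_name, line_no)] for scopes where the directive resolves to 'on'."""
    server = {"name": "server config", "value": None, "line": None}
    scopes, current = [server], server
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # Apache comments are whole lines
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"name": line, "value": None, "line": None}
            scopes.append(current)
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = server
        else:
            parts = line.split(None, 1)
            key = parts[0].lower()                # directive names are case-insensitive
            arg = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
            if key == "servername" and current is not server:
                current["name"] = arg
            elif key == "sslinsecurerenegotiation":
                current["value"], current["line"] = (arg == "on"), no
    # Assumption: a vhost that leaves the directive unset inherits the server-level value.
    resolved = [(s["name"], s if s["value"] is not None else server) for s in scopes]
    return [(name, src["line"]) for name, src in resolved if src["value"]]

if __name__ == "__main__":
    for name, line_no in audit_renegotiation(SAMPLE_CONF):
        print(f"insecure renegotiation enabled: {name} (line {line_no})")
```

The reported line number is where the effective setting was made, so an inherited finding points at the server-level directive.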

Firefox has started to work seriously on it and we can expect some support in the next releases (some settings will be possible through about:config).

They even created a test site. This screenshot was taken from Google Chrome (5.0.366.2, openSUSE repo) which already has support for the SSL protocol:

3 thoughts on “Updates on OpenSSL CVE-2009-3555 (client renegotiation)”

  1. Wolfgang

    The recent Firefox and SeaMonkey updates together with mozilla-nss 3.12.6 which is available in the mozilla OBS repo should (and do in my tests) support everything that’s needed.
    Updates for 11.2 and earlier openSUSE/SLE versions are in preparation.

  2. Scott

    Can’t log in with Facebook. I get the CVE-2009-3555 error message. What can I do? I have logged in hundreds of times before!
