After upgrading to dev-libs/openssl-0.9.8l-r2, I'm unable to use client certificates in Firefox to authenticate to web sites requiring them. At least the l version disabled SSL renegotiation as a workaround to the recent OpenSSL vulnerability, but m was supposed to fix it. It doesn't seem to be the case, and the ChangLog wasn't helpful enough to be sure. So I have to keep version k on clients and servers to keep certificate authentication functional, which for me is more important than the rather theoretical vulnerability. I think version k should have stayed in Portage, even if hard masked with a message exaplaining the risks, for those who need it, until renegotiation works again. Thanks! Reproducible: Always Steps to Reproduce:
Likely a duplicate Bug 304995
*** This bug has been marked as a duplicate of bug 304995 ***
Lori just for future reference mozilla products use nss not openssl for its secure socket layer. This is where the breakage is has nothing to with with openssl if you can still duplicate this bug with nss-3.12.6 please comment on the nss bug to let us know. I will also be posting a request there as well.
