VU#120541/CVE-2009-3555 and IMAPS/POPS with nginx
Quanah Gibson-Mount
quanah at zimbra.com
Sat Nov 21 02:14:29 MSK 2009
I've patched nginx, and tested https, POPS, and IMAPS. https fails
correctly:
---
R
RENEGOTIATING
3915:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:
However, POPS and IMAPS do not:
---
* OK IMAP4 ready
R
RENEGOTIATING
<hangs forever>
---
+OK POP3 ready
R
RENEGOTIATING
<hangs forever>
It seems the patch only correctly handles HTTPS, and not these other
protocols.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the nginx
mailing list