"The workaround in 0.9.8l simply bans all renegotiation. Because of the
nature of the attack, this is only an effective defence when deployed
on servers. Upgraded clients will still be vulnerable.
Servers that need renegotiation to function correctly obviously cannot
deploy this fix without breakage."
openssl advisory:
http:// www.openssl. org/news/ secadv_ 20091111. txt
"The workaround in 0.9.8l simply bans all renegotiation. Because of the
nature of the attack, this is only an effective defence when deployed
on servers. Upgraded clients will still be vulnerable.
Servers that need renegotiation to function correctly obviously cannot
deploy this fix without breakage."