Comment 2 for bug 605026

Marc Deslauriers (mdeslaur) wrote :

We have fixed CVE-2009-3555 by disabling client-side renegotiation in our updated Apache packages here:

http://www.ubuntulinux.org/usn/USN-860-1

Unfortunately, Firefox gives this warning when it detects the server doesn't support the new renegotiation protocol, RFC 5746, even if CVE-2009-3555 is no longer a threat. In this sense, it is a false alert, as noted by some in the upstream Mozilla bug report:

https://bugzilla.mozilla.org/show_bug.cgi?id=554594

We will be publishing updated openssl packages in the future that support RFC 5746, so this problem can be ignored for now, and will go away completely eventually.