Date: Wed, 13 Oct 2004 09:17:38 +0000 (UTC) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-CAN-2004-0885 Message-ID: <200410130917.i9D9HcIi091152@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2004-10-13 09:17:38 UTC
FreeBSD ports repository
Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-secfix-CAN-2004-0885
Log:
- Yet Another Security Fix
Fix CAN-2004-0885:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.
Credits: Hartmut Keil, Joe Orton
Revision Changes Path
1.202 +1 -0 ports/www/apache2/Makefile
1.1 +56 -0 ports/www/apache2/files/patch-secfix-CAN-2004-0885 (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200410130917.i9D9HcIi091152>