Date: Thu, 10 Dec 2009 23:36:24 +0900 From: Jun Kuriyama <kuriyama@FreeBSD.org> To: "Philip M. Gollucci" <pgollucci@p6m7g8.com> Cc: Chris <chris@chrysalisnet.org>, apache@freebsd.org Subject: Re: apache 2.2.14 missing in ports Message-ID: <48acff730912100636r77a686c3q9ae28c10d10b93b2@mail.gmail.com> In-Reply-To: <4B203CC6.6060105@p6m7g8.com> References: <FC16DCA7ED614D73A0BF3A9934670E20@homecore2duo> <4AFCB886.9080708@p6m7g8.com> <48acff730912091547s549104fan1dc65da2dc2d56e9@mail.gmail.com> <4B203CC6.6060105@p6m7g8.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2009/12/10 Philip M. Gollucci <pgollucci@p6m7g8.com>: > Jun Kuriyama wrote: > 2.2.14 does not address anything related to the SSL issues. > You'll need openssl updates first. > > Also you are only vulnerable if you do client side renegotiation. Ah, my problem is not related to serious security (I think). Something broken with recent OpenSSL (with combination of apache 2.2.13+). http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2393204 Anyway, I can live with 2.2.14 until actually fixed in OpenSSL or Apache (with -TLSv1). -- Jun Kuriyama <kuriyama@FreeBSD.org> // FreeBSD Project <kuriyama@s2factory.co.jp> // S2 Factory, Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48acff730912100636r77a686c3q9ae28c10d10b93b2>