Date: Thu, 10 Dec 2009 00:11:50 +0000 From: "Philip M. Gollucci" <pgollucci@p6m7g8.com> To: Jun Kuriyama <kuriyama@FreeBSD.org> Cc: Chris <chris@chrysalisnet.org>, apache@FreeBSD.org Subject: Re: apache 2.2.14 missing in ports Message-ID: <4B203CC6.6060105@p6m7g8.com> In-Reply-To: <48acff730912091547s549104fan1dc65da2dc2d56e9@mail.gmail.com> References: <FC16DCA7ED614D73A0BF3A9934670E20@homecore2duo> <4AFCB886.9080708@p6m7g8.com> <48acff730912091547s549104fan1dc65da2dc2d56e9@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jun Kuriyama wrote: > 2009/11/13 Philip M. Gollucci <pgollucci@p6m7g8.com>: >> Chris wrote: >> At this point 2.2.15 is immiment and will include the recent ssl >> fix/work around. > > Is this related to "tslext" problem? I'm using 2.2.13 with -TSLv1 to > work around it. > > I'm not sure this is fixed in apache repository or not... > > 2.2.14 does not address anything related to the SSL issues. You'll need openssl updates first. Also you are only vulnerable if you do client side renegotiation. -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 VP Apache Infrastructure; Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Sr. System Admin, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B203CC6.6060105>