apache 2.2.14 missing in ports
Jun Kuriyama
kuriyama at FreeBSD.org
Thu Dec 10 14:36:25 UTC 2009
2009/12/10 Philip M. Gollucci <pgollucci at p6m7g8.com>:
> Jun Kuriyama wrote:
> 2.2.14 does not address anything related to the SSL issues.
> You'll need openssl updates first.
>
> Also you are only vulnerable if you do client side renegotiation.
Ah, my problem is not related to serious security (I think). Something broken
with recent OpenSSL (with combination of apache 2.2.13+).
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2393204
Anyway, I can live with 2.2.14 until actually fixed in OpenSSL or Apache
(with -TLSv1).
--
Jun Kuriyama <kuriyama at FreeBSD.org> // FreeBSD Project
<kuriyama at s2factory.co.jp> // S2 Factory, Inc.
More information about the freebsd-apache
mailing list