Apache | Dev

Apache | Dev Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/apache/dev/ en-us (c) Gossamer Threads Inc. All rights reserved. 07 Nov 2009 20:33:08 -0800 120 Gossamer Threads | Apache | Dev 75 23 http://www.gossamer-threads.com/lists/apache/dev/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Re: svn commit: r833738 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c On 11/07/2009 08:19 PM, sf@apache.org wrote: > Author: sf > Date: Sat Nov 7 19:19:10 2009 > New Revision: 833738 > > URL: http://svn.apache.org/view 07 Nov 2009 17:45:22 -0800 http://www.gossamer-threads.com/lists/apache/dev/376432 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation (final draft) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation Apache httpd is affected by CVE-2 06 Nov 2009 17:21:08 -0800 http://www.gossamer-threads.com/lists/apache/dev/376409 [PATCH] Enable Elliptic Curve Keys and ciphers Folks, This is Vipul Gupta's patch (Bugzilla 40132) against today's trunk. This compiles and works under some manual testing. Looks like OpenSSL 06 Nov 2009 16:41:02 -0800 http://www.gossamer-threads.com/lists/apache/dev/376408 Re: svn commit: r833582 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_private.h On 11/06/2009 11:33 PM, jorton@apache.org wrote: > Author: jorton > Date: Fri Nov 6 22:33:19 2009 > New Revision: 833582 > > URL: http://svn.apache. 06 Nov 2009 15:37:56 -0800 http://www.gossamer-threads.com/lists/apache/dev/376399 [UPDATED] Re: [PATCH] new default SSLCipherSuite and SSL BrowserMatch configuration Hi, attached is a slightly different patch, it includes "!EXP" and I've moved the directive out of the vhost into the main server config (there's not 06 Nov 2009 15:19:12 -0800 http://www.gossamer-threads.com/lists/apache/dev/376396 Updated draft announcement apache. With some feedback from various folks. Thanks, Dw. Apache httpd is affected by CVE-2009-3555[1] (The SSL Injectin or MiM attack[2]). We strongly 06 Nov 2009 14:13:14 -0800 http://www.gossamer-threads.com/lists/apache/dev/376385 [PATCH] new default SSLCipherSuite and SSL BrowserMatch configuration Hi, I would like to propose the attached patch for inclusion in 2.2 (I'll commit to trunk soon unless I'm getting any -1s in response to this email). 06 Nov 2009 13:04:01 -0800 http://www.gossamer-threads.com/lists/apache/dev/376378 Pull mod_unique_id out of default build? Folks, Maybe my understanding is limited and my fu is weak, but I have personally never had a use for mod_unique_id. The only thing it does for 05 Nov 2009 21:30:00 -0800 http://www.gossamer-threads.com/lists/apache/dev/376339 Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL) So with Joe his patch doing the right thing it seems (would be nice if we could get Ben or the OpenSSL guys to confirm that) - that we propably only 05 Nov 2009 17:38:28 -0800 http://www.gossamer-threads.com/lists/apache/dev/376328 TLS renegotiation attack, mod_ssl and OpenSSL With reference to the issue described here: http://www.ietf.org/mail-archive/web/tls/current/msg03948.html Considering the impact on mod_ssl, I'm ma 05 Nov 2009 06:01:26 -0800 http://www.gossamer-threads.com/lists/apache/dev/376279