torsten.foertsch at gmx
Nov 10, 2009, 2:14 AM
Post #1 of 1
(264 views)
Permalink
|
|
best way to fix the tls renegotiation problem?
|
|
Hi,
what is the best way to fix the tls renegotiation problem?
On my site some locations require renegotiation to get a client cert.
But that can simply be moved into the vhost config.
I believe this is not sufficient, is it?
Is OpenSSL 0.9.8l sufficient? Or do I have to patch apache as well?
http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
Is it correct that OpenSSL 0.9.8l simply denies renegotiation? Does that
mean that directory/location based ssl parameters are impossible? Or is
server initiated renegotiation still possible?
Thanks,
Torsten
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd
|
