On 4/24/2012 4:05 PM, BFinkeldei@xxxxxxxxxxxxxxx wrote: > > Great thanks for the info! > > Where can I find out when apache.org will be bundling the latest version of OpenSSL with > apache? PCI compliance calls for using level "u" as of today. If you had read the notices from the OpenSSL project you would be aware that the particular flaws in openssl 0.9.8 .u, .v and .w do not pertain to the operation or deployment of httpd 2.2.x. They do apply to the operation of httpd 2.4, and adminstrators of 2.4 should upgrade ASAP. (And if you were running 2.3-beta, upgrading httpd to 2.4 would be a very wise move as well for httpd security flaws). AFAIK only the windows binary 'bundles' openssl. As that binary is not affected it will not be updated, certainly not unless an httpd 2.2.23 is released. The ASF provides binaries only as a convenience and at our leisure; if you are professionally responsible for an installation of httpd, openssl and so forth which you refuse to compile yourself, you would probably benefit from contracting for the services you are demanding. The ASF is here to collaboratively produce source code. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|