On Thu, Apr 8, 2010 at 9:24 AM, Vorazzo Manuela <manuela.vorazzo@xxxxxxxxx> wrote: > *) SECURITY: CVE-2009-3555 (cve.mitre.org) > Is there some workaround to do this without upgrade my apache version??? > > I mean some mod_ssl configuration directives that I can set for bypass the problem/vulnerability??? No, you'd minimally need a new openssl (that blocks insecure renegotiation by default). -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|