3

openssl-0.9.8m and apache HTTP 2.2.15

view full story
linux-howto

http://forums.opensuse.org – What are openSuSE's plans as to the release of an rpm with openssl-0.8.9m which has the solution to the renegotiation man-in-the-middle attack, not just turning key renegotiation down? As a companion to this version of openssl Apache HTTP 2.2.15 would be very desirable, as it incorporates a patch that allows - at the site's discretion - to refuse or accept the insecure "old-style" key renegotiation. (Distributions)