https://bz.apache.org/bugzilla/show_bug.cgi?id=57120
--- Comment #5 from Kaspar Brand <[email protected]> --- (In reply to Petr Sumbera from comment #3) > It would be probably better to disable SSLv3 in binary directly > I'm proposing to limit SSL_PROTOCOL_ALL macro just fro TLS protocols. I disagree with this approach, for the reason outlined in https://mail-archives.apache.org/mod_mbox/httpd-dev/201410.mbox/%3C5441511D.1070201%40velox.ch%3E. Adapting the default in ssl_engine_config.c:modssl_ctx_init() is the solution I'd suggest. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
