https://bz.apache.org/bugzilla/show_bug.cgi?id=69736
Yann Ylavic <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #1 from Yann Ylavic <[email protected]> --- > <VirtualHost *:80 *:443> > ... > SSLEngine Optional > SSLCertificateFile "/var/lib/letsencrypt-wildcard/certs/wildcard_rsa.pem" > SSLCertificateFile "/var/lib/letsencrypt-wildcard/certs/wildcard_ecdsa.pem" > </VirtualHost> This vhost is vulnerable to man-in-the-middle per CVE-2025-49812, you probably don't want to (ab)use this kind of configuration anymore just to save a vhost definition (mod_macro might be your friend to save some typing). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
