Hi, Due to the new vulnerability in openssl (see below), I decided to recompile mod_ssl for apache.
http://www.openssl.org/news/secadv_20030317.txt During the process I copied everything down and have placed instructions here (html): http://www.fishnet.co.uk/support/cobalt/mod_ssl/index.html or as a text file: http://www.fishnet.co.uk/support/cobalt/mod_ssl/config_mod_ssl.txt These instructions are for a Raq4 with Apache 1.3.20. (Based on instructions from Gerald Waugh.) I do not know if it is possible to expolit the vulnerability or whether one exists, but better safe than sorry ! The fact that openssl have not released a new version probably says it all. DISCLAIMER: I have provided these instructions for information only. If this breaks your mod_ssl this is in no way my fault. Just reinstall the backup. It worked for me. Regards Ian Gibbons -- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
