[Jim Paris] > This is definitely the openssl bug. It appears that the fix in > subversion 1.2.3dfsg1-3 only postponed the problem until libneon24 > upgraded to openssl 0.9.8.
That seems unlikely since libneon24 in unstable uses openssl 0.9.8. ...Errrr, wait, are you saying openssl 0.9.7 has the bug, or 0.9.8? I will ask people to retest with subversion 1.3.0-1, which uses libneon25 and (opensel 0.9.8), as soon as our 1.3.0-1 gets through NEW processing and into experimental. > I found that a workaround is to limit the ciphers on the Apache end. > Removing all SSLv3 ciphers except RC4 seems to do the trick. For > example, my apache2 configuration now has: > > SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA Thanks for the workaround! Peter
signature.asc
Description: Digital signature
