I'm not sure how to address this : For ex., do we allow building Apache against OpenSSL 0.9.5x ?.. I don't believe so. If it's regarding OpenSSL 0.9.6x, I'm not sure how much of binary incompability it introduces. Moreover, considering the fact that we have a CERT advisory asking ppl to move to OpenSSL 0.9.6e, I thought it'd be prudent to check specifically for version 0.9.6e or greater.
-Madhu -----Original Message----- From: Andreas Hasenack [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 1:34 PM To: [EMAIL PROTECTED] Subject: Re: [PATCH] Check for OpenSSL 0.9.6e or greater Em Fri, Aug 09, 2002 at 09:58:03AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) escreveu: > With the recent vulnerabilities found in OpenSSL, I thought it'd make sense > for Apache to check for OpenSSL 0.9.6e or higher. And what about patched openssl versions? Given the notorious binary incompatibility even between minor openssl releases, not everybody is going to update to the latest version, but patch the ones they have.
