The FreeBSD Security Advisory FreeBSD-SA-02:33.openssl says:

  IV.  Workaround

  Disabling the SSL2 protocol in server applications should render
  server exploits harmless.  There is no known workaround for client
  applications.

and while I'm upgrading my systems, to limit my window of exposure, if
I restart my Apache servers, with:

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL

(change +SSLv2 to -SSLv2) rather than the default:

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

will that be sufficient as a workaround?

Thanks,
Adi



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
