Thanks Andreas, I appreciate the thought. Jeff
> ok, > > i just wanted to say that to prevent any confusions you may have been a > victim off. Your post read like it. > > andreas > > > > well, I already upgraded to openssl- > 0.9.6g back with apache-1.3.26 and > > modssl 2.8.10 > > > Jeff > > > this new release has AFAIK nothing to do with the openssl-vulns. > > > > It is a release for the today released apache-1.3.27 which fixes 3 vulns > in > > the apache itself. > > > > If you want to fix the vulns in SSL you have to upgrade or patch your > > openssl-package. > > > > Andreas > > > > ---- > > e-admin internet gmbh > > andreas gietl > > ludwig-thoma-strasse 35 > > 93051 Regensburg > > > > > > -----Urspr�ngliche Nachricht----- > > Von: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]Im Auftrag von Jeff Bert > > Gesendet: Freitag, 4. Oktober 2002 18:56 > > An: [EMAIL PROTECTED] > > Betreff: Re: [ANNOUNCE] mod_ssl 2.8.11-1.3.27 > > > > > > Thanks Ralf for keeping up on this. I run apache/mod_ssl server as a > hobby > > for friends' websites and have been actually having quite a number of > people > > trying the ssl hack on my server. > > > > Jeff > > > > > As you've hopefully recognized, the ASF released Apache 1.3.27, which > > > includes important security fixes. The corresponding mod_ssl 2.8.11 for > > > this version is now available, too. > > > > > > Fetch it from: > > > > > > http://www.modssl.org/source/ > > > ftp://ftp.modssl.org/source/ > > > Ralf S. Engelschall > > > [EMAIL PROTECTED] > > > www.engelschall.com > > > > > > Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002) > > > > > > *) Upgraded to Apache 1.3.27. > > > > > > *) Fixed internal error handling for CRL verification. > > > > > > *) Initialize OpenSSL ENGINE before initializing OpenSSL > > > to workaround problems with the PRNG. > > > > > > *) Also find "openssl" executable in "sbin" directories. > > > > > > *) Honor specified number of maximum bytes on SSLRandomSeed > > > if reading from EGD. > > > > > > *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables. > > > ______________________________________________________________________ > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > > User Support Mailing List [EMAIL PROTECTED] > > > Automated List Manager [EMAIL PROTECTED] > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
