Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31 was released today. You can get it at the usual location:
o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004) *) With OpenSSL 0.9.7, prevent session resumption during a renegotiation to force the client to negotiate a new (and acceptable to mod_ssl) cipher suite. Additionally, ensure that a correct cipher suite has been negotiated afterwards (CAN-2004-0885). *) Fixed more printf(3) style format string bugs (not security related) which could crash the server if mod_ssl's trace or debug log level is enabled. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]