Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache
1.3.31 was released today. You can get it at the usual location:


                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]

  Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004)

   *) With OpenSSL 0.9.7, prevent session resumption during a
      renegotiation to force the client to negotiate a new (and
      acceptable to mod_ssl) cipher suite. Additionally, ensure
      that a correct cipher suite has been negotiated afterwards

   *) Fixed more printf(3) style format string bugs (not security
      related) which could crash the server if mod_ssl's trace
      or debug log level is enabled.
Apache Interface to OpenSSL (mod_ssl)         
Official Announcement Mailing List          [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to