Phil Ehrens:
I just checked a couple different versions and did not see that
function.

I posted a question about this to the apache security mailbox, but nobody responded. I guess that is inline with the policy for that mailbox even if I find it somewhat unhelpful, considering that SSL isn't completely a rarity when using Apache.

The reason I am concerned is because mod_ssl indirectly references SSL_get_shared_ciphers. It is in use. You can see this if you use something like nm and grep for this function.

So is mod_ssl vulnerable? Is the functionality insulated and not possible to trigger from the mod_ssl user scenario, or is it?

If anyone have any ideas please let me know!

Regards,


Per Olausson


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to