mod_ssl vulnerability in apache 2 - does it affect 1.3?

2004-03-12 Thread Boyle Owen
Greetings, A DoS vulnerability has been reported in mod_ssl in apache 2 (see http://secunia.com/advisories/11092/). Can anyone comment whether this vulnerability is present in mod_ssl in apache 1.3 or is it simply that mod_ssl, prior to apache 2, is not the responsibility of ASF? Rgds, Owen Boyl

RE: Apache 1.3.9 - HPUX

2004-03-31 Thread Boyle Owen
Plain text please.. - What does it say in the error_log? - are you *certain* you are using the correct PW (including case etc.)? Create a user with pw = "a" just to be sure. - 1.3.9 is an ancient version with many bugs and security holes. Is there no chance to upgrade? Rgds, Owen Boyle Discla

RE: Apache 1.3.9 - HPUX - OT - Wrong List

2004-03-31 Thread Boyle Owen
Whoops - just realised that this is on the "dev" list... Apologies to all... To Santhi: This would be better addressed on [EMAIL PROTECTED] Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > -Original Message- > From: Boyle Owen >

Feature request: Datestamp on release announcements?

2006-08-03 Thread Boyle Owen
Greetings, I think a lot of busy admins would appreciate it if the release announcement pages had a date on them (eg http://www.apache.org/dist/httpd/Announcement2.2.html). Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. PS - it's a bit cheeky to post this

RE: Bug report for Apache httpd-2 [2006/10/08]

2006-10-08 Thread Boyle Owen
Hi all, Speaking as an apache user (not developer) who merely lurks on this list, is it appropriate for me to question the formatting (and hence usefulness) of this periodic report? If so; - Might the time-ordering be reversed to show the most recent, first? It seems a bit odd always to find, ri

RE: Bug report for Apache httpd-2 [2006/10/08]

2006-10-11 Thread Boyle Owen
> -Original Message- > From: Guy Hulbert [mailto:[EMAIL PROTECTED] > Sent: Monday, October 09, 2006 2:33 PM > To: dev@httpd.apache.org > Subject: Re: Bug report for Apache httpd-2 [2006/10/08] > > ... > > > > IMHO that's supremely unimportant. I just delete these messages > > Hmmm ...

RE: [Issue] External links @ the wiki, aka pagechange wars

2007-05-31 Thread Boyle Owen
> -Original Message- > From: Webmaster [mailto:[EMAIL PROTECTED] > > After you read the article, how could you possibly say that > it is spam? Well, the page does try to load javascript content from 4 external sites... Fortunately, my browser's NoScript extension blocks them all. Why d

RE: [Issue] External links @ the wiki, aka pagechange wars

2007-05-31 Thread Boyle Owen
> -Original Message- > From: Webmaster [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 24, 2007 10:16 PM > To: [EMAIL PROTECTED]; 'Rich Bowen'; dev@httpd.apache.org > Cc: 'Apache Infrastructure' > Subject: RE: [Issue] External links @ the wiki, aka pagechange wars > > Hello, > > I've n

RE: pgp trust for https?

2005-11-09 Thread Boyle Owen
> -Original Message- > From: Nick Kew [mailto:[EMAIL PROTECTED] > > > ... Personally, I feel this role belongs in the government. > > Any particular government? A few years ago I'd probably have agreed. > With the most blatantly corrupt government in living memory, that has > less appeal

RE: mod_ssl 5s delay

2006-02-06 Thread Boyle Owen
> -Original Message- > From: Joe Orton [mailto:[EMAIL PROTECTED] > Sent: Montag, 6. Februar 2006 11:35 > To: Oden Eriksson > Cc: dev@httpd.apache.org > Subject: Re: mod_ssl 5s delay > > On Sun, Feb 05, 2006 at 05:30:17PM +0100, Oden Eriksson wrote: > > For some reason I get a 5 seconds de

RE: SSL enabled name virtual hosts

2006-03-06 Thread Boyle Owen
> -Original Message- > From: Daniel Rogers [mailto:[EMAIL PROTECTED] > Sent: Montag, 6. März 2006 03:17 > To: dev@httpd.apache.org > Subject: SSL enabled name virtual hosts > > > I am not convinced by the argument that name based SSL virtual hosting > is impossible. It's not only an arg

RE: SSL enabled name virtual hosts

2006-03-06 Thread Boyle Owen
> -Original Message- > From: David Burry [mailto:[EMAIL PROTECTED] > Sent: Montag, 6. März 2006 11:08 > To: dev@httpd.apache.org > Subject: Re: SSL enabled name virtual hosts > > > We use a "wildcard cert" to overcome this situation... the technical > limitation is that all the SSL "ho

RE: SSL enabled name virtual hosts

2006-03-07 Thread Boyle Owen
> -Original Message- > From: Daniel Rogers [mailto:[EMAIL PROTECTED] > Sent: Montag, 6. März 2006 19:01 > > > The end user sees only port 443. No worries about weird port numbers. Ok - I read the post and I agree your solution doesn't rely on using a non-standard port externally. I wa

Adding timestamp to apache releases?

2007-10-01 Thread Boyle Owen
Greetings, To-do list item #1 for this week is "upgrade to 2.2.6". When I was waiting for the tar-ball to download, it occurred to me that it isn't blindingly obvious *when* the update was published. There's no date on the homepage (http://httpd.apache.org/) or on the download page (http://httpd.a

XSS vulnerability in mod_negotiation - status in 2.2.8?

2008-02-05 Thread Boyle Owen
Greetings, Our security guy noticed this alert about a XSS vulnerability in mod_negotiation: http://www.mindedsecurity.com/MSA01150108.html. According to the link, it applies to apache <= 2.2.6, so no worries for 2.2.8. However, when I double-check the changelog for 2.2.8 (http://www.apache.org/d

RE: XSS vulnerability in mod_negotiation - status in 2.2.8?

2008-02-06 Thread Boyle Owen
mer attached to this message may be ignored. > -Original Message- > From: Boyle Owen [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 05, 2008 11:40 AM > To: dev@httpd.apache.org > Subject: XSS vulnerability in mod_negotiation - status in 2.2.8? > > Greetings, >

RE: XSS vulnerability in mod_negotiation - status in 2.2.8?

2008-02-06 Thread Boyle Owen
> -Original Message- > From: Stefan Fritsch [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 06, 2008 12:57 PM > To: dev@httpd.apache.org > Subject: RE: XSS vulnerability in mod_negotiation - status in 2.2.8? > > Hi, > > On Wed, 6 Feb 2008, Boyle Owen w

RE: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-09 Thread Boyle Owen
> -Original Message- > From: Dirk-Willem van Gulik [mailto:di...@webweaving.org] > Sent: Saturday, November 07, 2009 12:28 AM > To: dev@httpd.apache.org > Subject: Re: TLS renegotiation attack, mod_ssl and OpenSSL > > +1 from me. (FreeBSD, Solaris). Test with and without certs (firefox,

OT - ApacheCon Europe 2010

2010-03-24 Thread Boyle, Owen
Greetings, Is there anyone who can confirm that there will be no ApacheCon *Europe* in 2010? There is no news about it on the apachecon/apache sites and there have been no announcements. Is the absence of evidence equivalent to evidence of absence? Rgds, Owen Boyle Disclaimer: Any disclaimer a