httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Fri, 06 Nov 2009 22:31:58 GMT
Ruediger Pluem wrote:

> I guess how much in the cert case also depends on the clients browser settings
> and its user (does it send a certificate even though the original request
> by the browser did not request one?)

Yes - the 'SSLClient require' on / or VHost level is fine.

> Note that mod_ssl is not part of 1.3.x but a separate project.

Aye - Ralf's problem :)

> So only 2.0.x might be worth a thought.

Does anyone care ?

Dw

Mime
View raw message