httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Wed, 03 Feb 2010 13:44:19 GMT
On Wed, Jan 27, 2010 at 10:41:02PM +0000, Dr Stephen Henson wrote:
> FYI the initial documentation is here:
> 
> http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION
> 
> there are currently only two flags to set in an SSL/SSL_CTX structure. Though
> servers might want to make use of SSL_get_secure_renegotiation_support() too.

Thanks a lot for doing all that work!

I've added an "SSLInsecureRenegotiation" directive which will flip that 
flag on, here: http://svn.apache.org/viewvc?rev=906039&view=rev

It seems to all work as expected with 1.0.0 beta 5.

Regards, Joe

Mime
View raw message