httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Keith Hopper>
Subject [users@httpd] Apache 2.0.44, firewall and SSL
Date Wed, 26 Mar 2003 23:08:46 GMT
     We are happily running Apache 2.0.44 on a linux server, serving xml
and php-generated xml - within our firewall.

     We urgently need to be able to move the server outside the firewall -
BUT it appears that the version of the SSL software built-in to apache
2.0.44 corresponds to the stand-alone SSL version 2.8.6 - whereas - due to
security leaks, it appears that the stand-alone package has been updated
and is now at version 2.8.13.  

     Questions, please -

     (1)  Is the 2.0.44 built-in SSL software module free of the attack
problems which have led to upgrading the stand-alone module - and why?

     (2) If it is free of these problems, from where can we obtain a secure
certificate to this effect?

     (3)  If (and we do hope not!) 2.0.44 is susceptible to these attacks,
when might the source code be updated to fix the problems?

                    Fingers crossed!

                                   Keith Hopper

Keith Hopper
Senior Lecturer
Department of Computer Science

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message