Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
MIME-Version: 1.0
From: Keith Hopper <kh@waikato.ac.nz>
To: users@httpd.apache.org
Date: Thu, 27 Mar 2003 11:08:46 +1200
Message-ID: <4bd975554ekh@waikato.ac.nz>
User-Agent: Pluto/3.03f (RISC-OS/4.02) POPstar/2.05
Content-Type: text/plain
Subject: [users@httpd] Apache 2.0.44, firewall and SSL

Greetings,
     We are happily running Apache 2.0.44 on a linux server, serving xml
and php-generated xml - within our firewall.

     We urgently need to be able to move the server outside the firewall -
BUT it appears that the version of the SSL software built-in to apache
2.0.44 corresponds to the stand-alone SSL version 2.8.6 - whereas - due to
security leaks, it appears that the stand-alone package has been updated
and is now at version 2.8.13.  

     Questions, please -

     (1)  Is the 2.0.44 built-in SSL software module free of the attack
problems which have led to upgrading the stand-alone module - and why?

     (2) If it is free of these problems, from where can we obtain a secure
certificate to this effect?

     (3)  If (and we do hope not!) 2.0.44 is susceptible to these attacks,
when might the source code be updated to fix the problems?

                    Fingers crossed!

                                   Keith Hopper

-- 
Keith Hopper
Senior Lecturer
Department of Computer Science

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org