From: Eric Covener
To: users@httpd.apache.org
Date: Thu, 8 Apr 2010 09:39:18 -0400
Subject: Re: [users@httpd] TLS Renegotiation

On Thu, Apr 8, 2010 at 9:24 AM, Vorazzo Manuela wrote:
> *) SECURITY: CVE-2009-3555 (cve.mitre.org)
> Is there some workaround to do this without upgrading my Apache version???
>
> I mean some mod_ssl configuration directives that I can set to bypass the problem/vulnerability???

No, you'd minimally need a new openssl (that blocks insecure renegotiation by default).

--
Eric Covener
covener@gmail.com
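
A check an administrator could run against a server after the upgrade discussed above, as an added example that is not part of the original message: it reads `openssl s_client` output and reports whether the peer advertised RFC 5746 secure renegotiation. The function name, result labels, placeholder hostname and sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Classify renegotiation support from an `openssl s_client` transcript on stdin.
# Real capture (hostname is a placeholder):
#   openssl s_client -connect www.example.com:443 </dev/null 2>&1 | reneg_status

reneg_status() {
    out=$(cat)    # read the whole transcript
    case $out in
        # TLS 1.3 removed renegotiation from the protocol; s_client still
        # prints "IS NOT supported" there, so test the protocol first.
        *"New, TLSv1.3,"*)
            echo "n/a-tls13" ;;
        # Peer did not send the RFC 5746 extension. It may still refuse all
        # renegotiation, so this means "not RFC 5746", not "exploitable".
        *"Secure Renegotiation IS NOT supported"*)
            echo "no-rfc5746" ;;
        # Peer sent renegotiation_info (RFC 5746).
        *"Secure Renegotiation IS supported"*)
            echo "rfc5746" ;;
        # Handshake failed or the transcript is incomplete.
        *)
            echo "unknown" ;;
    esac
}

# Constructed, trimmed sample transcripts (not captured from a real host).
sample_old_stack() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Secure Renegotiation IS NOT supported
EOF
}
sample_new_stack() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Secure Renegotiation IS supported
EOF
}
sample_tls13() {
    cat <<'EOF'
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
EOF
}

for s in sample_old_stack sample_new_stack sample_tls13; do
    printf '%s: %s\n' "$s" "$($s | reneg_status)"
done
```

A `no-rfc5746` result only says the extension was absent; whether the server still accepts a client-initiated renegotiation has to be confirmed separately.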