httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Akash Jain <akash.delh...@gmail.com>
Subject [users@httpd] Client Side negotiation
Date Fri, 11 Jan 2013 16:20:58 GMT
Hi All,

I have -MultiViews set and SSLInsecureNegotation off ( in ifmodule of
mod_ssl.c) in Apache.

But still vulnerability report says I am vulnerable to client side
negotiation.

Any pointers ?

The same configuration works on our TEST environments. THe only difference
is the build release versions.

The systems where it is vulnerable has 31 around release build and in our
TEST environment we have 53 release build version)

All on apache 2.2.3 (Oracle provided)

Thanks !

Mime
View raw message