]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd46316) | patch
Fix CAN-2004-0885:
authorJoe Orton <jorton@apache.org>
Fri, 8 Oct 2004 11:59:33 +0000 (11:59 +0000)
committerJoe Orton <jorton@apache.org>
Fri, 8 Oct 2004 11:59:33 +0000 (11:59 +0000)
commit6c04fef22c7e31192f9bdc42dea4d4da2e338023
tree615fcdc506d50aab7becececac2e5de8afe14c6ctree
parentcd4631689a79bbe7285762c518a06067b370579fcommit | diff
Fix CAN-2004-0885:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.

Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105396 13f79535-47bb-0310-9956-ffa450edef68
ssl_engine_init.c diff | blob | blame | history
ssl_engine_kernel.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git