Hi, The "possible security fix" that Geoff Thorpe had posted sometime back on the modssl-users mailing list (I can provide more details if required).. Index: ssl_engine_init.c =================================================================== RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_init.c,v retrieving revision 1.11 diff -u -r1.11 ssl_engine_init.c --- ssl_engine_init.c 2001/08/24 04:08:04 1.11 +++ ssl_engine_init.c 2001/08/24 21:40:17 @@ -542,7 +542,8 @@ if (mc->nSessionCacheMode == SSL_SCMODE_NONE) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); else - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); + SSL_CTX_set_session_cache_mode(ctx, + SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP); /* * Configure callbacks for SSL context
[PATCH] fix session caching
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) Fri, 24 Aug 2001 20:13:32 -0700
- RE: [PATCH] fix session caching MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
- MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)