Hi,
The "possible security fix" that Geoff Thorpe had posted sometime
back on the modssl-users mailing list (I can provide more details if
required)..
Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.11
diff -u -r1.11 ssl_engine_init.c
--- ssl_engine_init.c 2001/08/24 04:08:04 1.11
+++ ssl_engine_init.c 2001/08/24 21:40:17
@@ -542,7 +542,8 @@
if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+ SSL_CTX_set_session_cache_mode(ctx,
+ SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP);
/*
* Configure callbacks for SSL context
[PATCH] fix session caching
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) Fri, 24 Aug 2001 20:13:32 -0700
- RE: [PATCH] fix session caching MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
- MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
