On Wed, Nov 04, 1998, [EMAIL PROTECTED] wrote:
> I added
> > SSLRequiredCiphers DEFAULT:!IDEA
> to the main server section of httpd.conf and
> > SSLEnable
> to the virtual-host section. However,
> % ssleay s_client -cipher IDEA
> can still connect to the server with IDEA cipher.
>
> I think that the line
> > cfgMergeString(szReqCiphers);
> is required in the function "config_server_merge", isn't it?
Ops, right. I've fixed this some time ago for 2.1bX when I changed
SSLRequiredCiphers to SSLCipherSuite but totally forgot to backport this fix
to the stable 2.0 branch. It's now fixed for 2.0.15. Thanks for the great
feedback including bugfix.
> I found this bug on mod_ssl 2.0.9.
> cfgMergeString is still missing on version 2.0.13,
> but behavior is only checked on 2.0.9, sorry.
> (also I'm sorry for late bug report...)
No problem. Better later than never ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]