Thanks Ralf for keeping up on this. I run apache/mod_ssl server as a hobby for friends' websites and have been actually having quite a number of people trying the ssl hack on my server.
Jeff > As you've hopefully recognized, the ASF released Apache 1.3.27, which > includes important security fixes. The corresponding mod_ssl 2.8.11 for > this version is now available, too. > > Fetch it from: > > http://www.modssl.org/source/ > ftp://ftp.modssl.org/source/ > Ralf S. Engelschall > [EMAIL PROTECTED] > www.engelschall.com > > Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002) > > *) Upgraded to Apache 1.3.27. > > *) Fixed internal error handling for CRL verification. > > *) Initialize OpenSSL ENGINE before initializing OpenSSL > to workaround problems with the PRNG. > > *) Also find "openssl" executable in "sbin" directories. > > *) Honor specified number of maximum bytes on SSLRandomSeed > if reading from EGD. > > *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
