Hi, My question is whether our www server has a critical vulnerability or not. If someone knows it, please tell me.
We are using apache1.3.27 mod_ssl 2.8.12 with OpenSSL0.9.6e on HP-UX11.0. I think mod_ssl of this version with default settings would disable a countermeasure to OpenSSL0.9.6's vulnerability. Why I think so is that an option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS has been added in OpenSSL 0.9.6e and mod_ssl looks using this option. We'd like to use the above www server because some www browser on Cellerphone in Japan cannot establish SSL connection to a www server which doesn't use the option. Regards --- J.Arakawa ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
