Per Olausson wrote: > > >Phil Ehrens: > >I just checked a couple different versions and did not see that > >function. > > I posted a question about this to the apache security mailbox, but > nobody responded. I guess that is inline with the policy for that > mailbox even if I find it somewhat unhelpful, considering that SSL isn't > completely a rarity when using Apache. > > The reason I am concerned is because mod_ssl indirectly references > SSL_get_shared_ciphers. It is in use. You can see this if you use > something like nm and grep for this function. > > So is mod_ssl vulnerable? Is the functionality insulated and not > possible to trigger from the mod_ssl user scenario, or is it? > > If anyone have any ideas please let me know!
The symbol is not defined in mod_ssl on any of my Linux or Solaris systems, all of which are running Apache-2.0.55. What version are you looking at? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]