Hi Guys.
This may seem a simplistic question but here it goes. I take it the
fix for this SSL exploit is to build the latest OpenSSL, 0.9.6g, and
then rebuild Apache against it? Or is it to rebuild modssl agains the
new libraries? I'd like to understand this a little better.
stayler
Also sprach stayler:
Hi Guys.
This may seem a simplistic question but here it goes. I take it the
fix for this SSL exploit is to build the latest OpenSSL, 0.9.6g, and
then rebuild Apache against it? Or is it to rebuild modssl agains the
new libraries? I'd like to understand this a
I suspect you only need to update your mod_ssl for apache. Not sure,
though.
use OpenSSL. According to the Apache web site (http://httpd.apache.org/),
you should upgrade apache to 1.3.26 or 2.0.40, unless you are using UNIX,
in which case, 2.0.39 should be safe.
--
Swiftly. Silently.