Re: [users@httpd] Is httpd impacted by openssl asn1 CVE?

2015-03-21 Thread Robert Webb
All depends on what version of open ssl you are using. Not the version of apache. Sent by MailWise – See your emails as clean, short chats. Original Message From: Fred K Sent: Saturday, March 21, 2015 04:22 PM To: users@httpd.apache.org Subject: [users@httpd] Is httpd impacte

[users@httpd] Is httpd impacted by openssl asn1 CVE?

2015-03-21 Thread Fred K
Hi In this week's openssl security announcement were two moderate CVE related to asn1. - when/where does the Apache httpd server (e.g. 2.4.12) actually use asn1? - does apache rely on openssl for asn1 and do we need to be concerned about: Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) ASN.1 s

[users@httpd] 500 error while accessing tomcat

2015-03-21 Thread aparna Puram
Hello All, We have a apache on linux, that will forward the request to an apache on windows, Which is configured with mod_jk to communicate to tomcat. The apache and tomcat in windows is a bmc product and recently they have asked to disable ssl at the apache on windows and Install an apache on li