I am trying to verify if the openssl env I am working in 0.9.8u is
affected or not. I don't believe it is because it seems this is NOT a
default option that is enabled.
Line from the CVE-2011-338
OpenSSL uses empty fragments as a countermeasure unless the
'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' o
I will be out of the office starting 04/27/2012 and will not return until
05/07/2012.
I will be out of the office until May 7th. If you have any questions please
send them to Charles Wittmaier.
Thanks and have a great vacation week :)
Brad
-
Great thanks for the info!
Where can I find out when apache.org will be bundling the latest version
of OpenSSL with apache? PCI compliance calls for using level "u" as of
today.
Brad Finkeldei
"William A. Rowe Jr."
04/24/2012 03:49 PM
Please respond to
users@httpd.apache.org
To
users@
TFML, Thanks for the info.
Yes I am on Windows Server 2003 that looks like a great way to start
if you already have things separated but this is a combined version of
Apache and OpenSSL So, I am not sure.. I want to see if anyone else
knows?
TFML
04/24/2012 03:09 PM
Please respon
I have installed Apache HTTP Server with OpenSSL 0.9.8t (MSI Installer)
From the Apache.org Site.
Here is the file I downloaded and installed:
httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
I want to upgrade OpenSSL on that machine without having to upgrade Apache
too.
How do I do that? step