Hello, According to the following security advisory http://www.openssl.org/news/secadv_20071012.txt a flaw has been discovered in OpenSSL's DTLS implementation. I am trying to determine whether this advisory applies to Apache Server 2.2.6.
More specifically: - Can DTLS be used in the context of Apache Server? If yes - what needs to be done to enable it? - Is SSL_get_shared_ciphers() method being used directly/indirectly by the Apache Server code? Assuming that we cannot upgrade to a new version of OpenSSL will the vulnerability affect Apache server 2.2.6 customers? Regards, Sasha. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org