You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/12/28 13:37:41 UTC

[Bug 61934] Impact of CVE-2017-3737 on Apache HTTP Server

https://bz.apache.org/bugzilla/show_bug.cgi?id=61934

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Eric Covener <co...@gmail.com> ---
mod_ssl seems to more closely match the 'safe' path w/ state/error checking in
the three places it does handshakes.  Either way, the only sane suggestion is
to use an unaffected openssl.

Presumably vendors are updating their openssl builds, not changing how they
call openssl.


Leaving in "NEW" in case someone wants to look more closely.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org