You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Robert Moskowitz <rg...@htt-consult.com> on 2003/04/04 22:41:49 UTC
Re: [users@httpd] Re: Adding SSL support to Apache in Windows
without compiling
At 11:34 PM 4/4/2003 +0300, Andrus wrote:
>Yes, I need it.
>http://tor.ath.cx/~hunter/apache/ has only 2.0.44 version
>I prefer to install the latest version.
Particlulary considering what I am hearing is fixed in 2.0.45.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: Adding SSL support to Apache in Windows
without compiling
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 02:41 PM 4/4/2003, Robert Moskowitz wrote:
>At 11:34 PM 4/4/2003 +0300, Andrus wrote:
>>Yes, I need it.
>>http://tor.ath.cx/~hunter/apache/ has only 2.0.44 version
>>I prefer to install the latest version.
>
>Particlulary considering what I am hearing is fixed in 2.0.45.
Ummm... plugging in mod_ssl 2.0.44 v.s. 2.0.45 should pretty much be
a noop - not much went on there. Remember .44 modules *ARE* loadable
within the 2.0.45 release!
BUT I would be especially cautious about such a build - since OpenSSL
itself has several security patches for the timing attacks et. al. If it wasn't
built since .45 the author certainly was clueless of any such patches.
BTW - there is no OpenSSL release yet (that I'm aware of) that covers these
security vulnerabilities - the fixes seem to be only available as patches.
Bill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org