You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Matison, Sasha" <Sa...@ca.com> on 2010/01/29 17:50:18 UTC

[users@httpd] Use of DTLS in Apache server 2.2.6

Hello,

According to the following security advisory
http://www.openssl.org/news/secadv_20071012.txt a flaw has been
discovered in
OpenSSL's DTLS implementation. I am trying to determine whether this
advisory applies to Apache Server
2.2.6.

More specifically:

- Can DTLS be used in the context of Apache Server? If yes - what needs
to be
done to enable it?
- Is SSL_get_shared_ciphers() method being used directly/indirectly by
the
Apache Server code?

Assuming that we cannot upgrade to a new version of OpenSSL will the
vulnerability affect Apache server 2.2.6 customers?

Regards,
Sasha.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org