angler-fishThe Vulnerability History Project

Fix CAN-2004-0885:

      * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.

Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105396 13f79535-47bb-0310-9956-ffa450edef68
by Nancy the Monkey 2004-10-08 11:59:33 UTC
commit 0e5aa595c2a6e97a9e59664c22dfb54bdb90286a
HTTPD Fix CVE-2004-0885
CHANGES
-5
modules/ssl/ssl_engine_init.c
-8
modules/ssl/ssl_engine_kernel.c
-15
expand_less