Backport fix for CAN-2004-0885:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a correct cipher suite has been negotiated, else deny access. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL 0.9.7, prevent session resumption during a renegotiation to force the client to negotiate a new (and acceptable) cipher suite. PR: 31505 Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton Reviewed by: jorton, pquerna, minfrin, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105732 13f79535-47bb-0310-9956-ffa450edef68
parent
c19173a9
Please register or sign in to comment