Skip to content
  1. Sep 28, 2010
    • Rainer Jung's avatar
      Merge r891282 from trunk resp. 896900 from 2.2.x: · 3ecd6d7f
      Rainer Jung authored
      Further mitigation for the TLS renegotation attack, CVE-2009-3555:
      
      * modules/ssl/ssl_engine_kernel.c (has_buffered_data): New function.
        (ssl_hook_Access): Forcibly disable keepalive for the connection if
        there is any buffered data readable from the input filter stack.
      
      * modules/ssl/ssl_engine_io.c (ssl_io_filter_input): Ensure that the
        BIO uses blocking operations when invoked outside direct control of
        the httpd filter stack.
      
      Thanks to Hartmut Keil <Hartmut.Keil adnovum.ch> for proposing this
      technique.
      
      Submitted by: jorton
      Backport by: rjung
      Reviewed by: pgollucci, wrowe
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1002227 13f79535-47bb-0310-9956-ffa450edef68
      3ecd6d7f
  2. Sep 27, 2010
  3. Sep 26, 2010
  4. Sep 25, 2010
  5. Sep 14, 2010
  6. Sep 13, 2010
  7. Aug 05, 2010
  8. Jul 26, 2010
  9. Jul 23, 2010
  10. Jul 20, 2010
  11. May 14, 2010
  12. May 13, 2010
  13. May 12, 2010
  14. May 10, 2010
  15. May 07, 2010
  16. Mar 16, 2010
  17. Mar 11, 2010
  18. Mar 10, 2010