CVE-2004-0885

Related Files

Gentoo Linux Security Advisory 200410-21

Posted Oct 27, 2004

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-21 - A flaw has been found in mod_ssl where the SSLCipherSuite directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.

tags | advisory

systems | linux, gentoo

advisories | CVE-2004-0885

SHA-256 | 06b3bc6d3391335b9f299d76aa4089572536a66060eb87668867cda8b1c74110

Download | Favorite | View

mod_ssl-2.8.20-1.3.31.tar.gz

Posted Oct 26, 2004

Site modssl.org

mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.

Changes: With OpenSSL 0.9.7, prevent session resumption during a renegotiation to force the client to negotiate a new (and acceptable to mod_ssl) cipher suite. Additionally, ensure that a correct cipher suite has been negotiated afterwards.

tags | encryption

advisories | CVE-2004-0885

SHA-256 | 4f307413360dcdc90283082e77179b8aa65256afaf718a5a7bc9668e25c6a72d

Download | Favorite | View