Gentoo Linux Security Advisory GLSA 200410-21 - A flaw has been found in mod_ssl where the SSLCipherSuite directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.
06b3bc6d3391335b9f299d76aa4089572536a66060eb87668867cda8b1c74110
mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.
4f307413360dcdc90283082e77179b8aa65256afaf718a5a7bc9668e25c6a72d