openssl0.9.6e ok with mod_ssl 2.8.10?

openssl0.9.6e ok with mod_ssl 2.8.10?

am 31.07.2002 11:40:42 von Rainer Jung

Hi,

will there be a new version of mod_ssl for the security fixed openssl
0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.

If there will be a new version: is there an expected release date/time?

Thanks for any answers!

Rainer Jung

kippdata informationstechnologie GmbH
Bornheimer Straße 33a
D-53111 Bonn
Germany

Tel.: +49/228/98549-0
Fax: +49/228/98549-50
email: rainer.jung@kippdata.de

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: openssl0.9.6e ok with mod_ssl 2.8.10?

am 31.07.2002 12:08:29 von Lutz Jaenicke

On Wed, Jul 31, 2002 at 11:40:42AM +0200, Rainer Jung wrote:
> Hi,
>
> will there be a new version of mod_ssl for the security fixed openssl
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.

It should be safe to use mod_ssl 2.8.10. The API of openssl did not change
when upgrading from 0.9.6d to 0.9.6e, so no update for mod_ssl is
required.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: openssl0.9.6e ok with mod_ssl 2.8.10?

am 31.07.2002 14:14:13 von dufresne

If I read the advisories correctly, the problem was related to opsnssl
code. so, recompiling apache/mod-ssl with the new or patched openssl
sources should fix that issue. the other question though is, since there
were additional advisories related to mm, and apache 1.3.X/mod-ssl
requires mm for proper compilation and functioning, if there is a new mm
package or patch available.

Thanks,

Ron dufresne

On Wed, 31 Jul 2002, Rainer Jung wrote:

> Hi,
>
> will there be a new version of mod_ssl for the security fixed openssl
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.
>
> If there will be a new version: is there an expected release date/time?
>
> Thanks for any answers!
>
> Rainer Jung
>
> kippdata informationstechnologie GmbH
> Bornheimer Straße 33a
> D-53111 Bonn
> Germany
>
> Tel.: +49/228/98549-0
> Fax: +49/228/98549-50
> email: rainer.jung@kippdata.de
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: openssl0.9.6e ok with mod_ssl 2.8.10?

am 31.07.2002 14:16:54 von b.courtin

Hi,

yes, there is a new version of mm available on http://www.ossp.org/pkg/lib/mm/
( Status: Stable Version: 1.2.1 (28-Jul-2002) )

The advisory is here: http://www.openpkg.org/security/OpenPKG-SA-2002.007-mm.html



Kind regards,

Bert Courtin




-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Wednesday, July 31, 2002 2:14 PM
To: Rainer Jung
Cc: modssl-users@modssl.org
Subject: Re: openssl0.9.6e ok with mod_ssl 2.8.10?




If I read the advisories correctly, the problem was related to opsnssl
code. so, recompiling apache/mod-ssl with the new or patched openssl
sources should fix that issue. the other question though is, since there
were additional advisories related to mm, and apache 1.3.X/mod-ssl
requires mm for proper compilation and functioning, if there is a new mm
package or patch available.

Thanks,

Ron dufresne

On Wed, 31 Jul 2002, Rainer Jung wrote:

> Hi,
>
> will there be a new version of mod_ssl for the security fixed openssl
> 0.9.6e and openssl-engine 0.9.6e or is it safe to use mod_ssl 2.8.10.
>
> If there will be a new version: is there an expected release date/time?
>
> Thanks for any answers!
>
> Rainer Jung
>
> kippdata informationstechnologie GmbH
> Bornheimer Straße 33a
> D-53111 Bonn
> Germany
>
> Tel.: +49/228/98549-0
> Fax: +49/228/98549-50
> email: rainer.jung@kippdata.de
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org