our apache+mod_ssl server vulnerable?

Hi,

My question is whether our www server has a critical vulnerability or not.
If someone knows it, please tell me.

We are using apache1.3.27 mod_ssl 2.8.12 with OpenSSL0.9.6e on HP-UX11.0.
I think mod_ssl of this version with default settings would disable
a countermeasure to OpenSSL0.9.6's vulnerability.

Why I think so is that an option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
has been added in OpenSSL 0.9.6e and mod_ssl looks using this option.

We'd like to use the above www server because some www browser on Cellerphone
in Japan cannot establish SSL connection to a www server which doesn't use
the option.

Regards

---
J.Arakawa

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org