LinuxAdvisory
AutoTalkBack
Ben Laurie found a bug in the optional renegotiation code in mod_ssl
which can cause cipher suite restrictions to be ignored. This is triggered
if optional renegotiation is used (SSLOptions +OptRenegotiate) along with
verification of client certificates and a change to the cipher suite over
the renegotiation. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0192 to this issue.
Read the full tutorial at https://www.linuxadvisory.com/tutorial109.html
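
An added example, not part of the advisory or of mod_ssl: a small configuration audit that lists the per-directory sections where the three conditions described above coincide (optional renegotiation enabled, client certificate verification on, and a cipher suite set for that section). It assumes a per-directory SSLCipherSuite is how the cipher suite change over renegotiation is configured, uses a constructed sample configuration, and does not follow Include files or .htaccess.

```python
import re

# Constructed sample configuration for illustration (not from a real server).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLOptions +OptRenegotiate
    <Directory /var/www/secure>
        SSLVerifyClient require
        SSLCipherSuite HIGH
    </Directory>
    <Location /certonly>
        SSLVerifyClient optional
    </Location>
</VirtualHost>
"""

PER_DIR = {"directory", "directorymatch", "location", "locationmatch", "files", "filesmatch"}

def find_exposed_sections(conf_text):
    """List per-directory sections where the advisory's three conditions coincide."""
    stack = [{"label": "server", "perdir": False, "opt": False, "verify": False, "cipher": False}]
    findings = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"</\s*\w+\s*>$", line):
            # Judge a section when it closes, so directive order inside it is irrelevant.
            scope = stack.pop() if len(stack) > 1 else stack[0]
            if scope["perdir"] and scope["opt"] and scope["verify"] and scope["cipher"]:
                findings.append(scope["label"])
            continue
        cur = stack[-1]
        opened = re.match(r"<\s*(\w+)\s*(.*?)\s*>$", line)
        if opened:
            # Child scopes inherit SSLOptions and SSLVerifyClient; cipher overrides do not carry down.
            stack.append({"label": f"{opened.group(1)} {opened.group(2)}".strip(),
                          "perdir": cur["perdir"] or opened.group(1).lower() in PER_DIR,
                          "opt": cur["opt"], "verify": cur["verify"], "cipher": False})
            continue
        parts = line.split(None, 1)
        name, toks = parts[0].lower(), (parts[1].split() if len(parts) > 1 else [])
        if name == "ssloptions":
            if any(t[0] not in "+-" for t in toks):
                cur["opt"] = False  # absolute form replaces inherited options
            for t in toks:
                if t.lstrip("+-").lower() == "optrenegotiate":
                    cur["opt"] = not t.startswith("-")
        elif name == "sslverifyclient" and toks:
            cur["verify"] = toks[0].lower() != "none"
        elif name == "sslciphersuite" and cur["perdir"]:
            cur["cipher"] = True
    return findings
```

A reported section only shows that the configuration matches the triggering conditions; whether the restriction is actually ignored depends on the installed mod_ssl version.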