|Summary:||CAN-2003-0192 mod_ssl renegotiation issue|
|Product:||Red Hat Enterprise Linux 2.1||Reporter:||Mark J. Cox <mjc>|
|Component:||mod_ssl||Assignee:||Joe Orton <jorton>|
|Status:||CLOSED ERRATA||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2003-09-22 08:39:08 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Mark J. Cox 2003-07-10 12:33:13 UTC
Description: Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the strong one. Version: This issue affects the mod_ssl shipped with all variants of Red Hat Enterprise Linux 2.1. Mitigating: Very few sites use the (experimental) per-directory SSL renegotiation directives and would be vulnerable to this issue. This is Bug 98852 for Red Hat Linux.
Comment 1 Mark J. Cox 2003-07-10 12:34:06 UTC
We are marking this as low priority and are unlikely to release an errata to just fix this issue.
Comment 2 Mark J. Cox 2003-09-22 08:39:09 UTC
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-244.html