Certain sequences of per-directory renegotiations and the SSLCipherSuite
directive being used to upgrade from a weak ciphersuite to a strong one could
result in the weak ciphersuite being used in place of the strong one.
This issue affects the mod_ssl shipped with all variants of Red Hat Enterprise
Very few sites use the (experimental) per-directory SSL renegotiation directives
and would be vulnerable to this issue.
This is Bug 98852 for Red Hat Linux.
We are marking this as low priority and are unlikely to release an errata to
just fix this issue.
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.