
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in OpenSSL (10.5)

Ave,

I was actually referred to this Mailing List by someone in the PHP General Mailing List. (If you're here as well, Hi!)
I have Mac OS X 10.5 Leopard running on my PowerMac G5 with Apache Web Server 2.2.26 and PHP 5.2.4.

We recently ran a security/vulnerabilities scan on our server using a service and came up with some potential vulnerabilities. I was able to resolve all those vulnerabilities except one:

Netscape/OpenSSL Cipher Forcing Bug

THREAT:
Netscape's SSLv3 implementation had a bug where if an SSLv3 connection is initially established, the first available cipher is used. If a session is resumed, a different cipher may be chosen if it appears in the passed cipher list before the session's current cipher. This bug can be used to change ciphers on the server. OpenSSL contains this bug if the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is enabled during runtime. This option was introduced for compatibility reasons.

This is the Solution they recommended:

This problem can be fixed by disabling the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option from the options list of OpenSSL's libssl library.
This can be done by replacing the SSL_OP_ALL definition in the openssl/ssl.h file with the following line:
#define SSL_OP_ALL (0x00000FFFL^SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
The library and all programs using this library need to be recompiled to ensure that the correct OpenSSL library is used during linking.

My problem is, I'm not an expert in *nix, and I usually like to stay away from compiling and recompiling; I especially do *not* want to recompile Apache Web Server. So my question is: is there any way to implement this solution, or any solution for this problem, without having to recompile anything?

Thanks!

---
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

[Email] email@hidden
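To make the scanner's two paragraphs concrete, here is an added illustration (not from the original post, from Apple, or from OpenSSL's own source): a small C model of the session-resumption behaviour the finding describes, together with the option-bit arithmetic of the proposed SSL_OP_ALL replacement. The option values follow OpenSSL 0.9.x ssl.h; the cipher names and the offered cipher list are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Option bits as laid out in OpenSSL 0.9.x ssl.h; the bug
 * flag is the one named in the scanner finding. */
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_ALL_ORIGINAL                     0x00000FFFL
/* The scanner's proposed replacement for SSL_OP_ALL: the bug bit masked off. */
#define SSL_OP_ALL_FIXED (0x00000FFFL ^ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)

/* Is the compatibility bug still enabled in this options word? */
int reuse_cipher_change_bug_enabled(long options)
{
    return (options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) != 0;
}

/* Simplified model of server-side cipher selection on session resumption,
 * following the scanner's description rather than OpenSSL's actual source.
 * Returns the cipher the resumed session will use, or NULL when the
 * resumption must be refused (forcing a full handshake). */
const char *resumed_cipher(long options, const char *session_cipher,
                           const char *const *client_list, int n)
{
    int i;
    if (reuse_cipher_change_bug_enabled(options))
        /* Buggy behaviour: the first cipher the client offers wins,
         * even if it differs from the one the session was set up with. */
        return n > 0 ? client_list[0] : NULL;
    /* Correct behaviour: a resumed session keeps its cipher; if the
     * client no longer offers it, the session is not resumed. */
    for (i = 0; i < n; i++)
        if (strcmp(client_list[i], session_cipher) == 0)
            return session_cipher;
    return NULL;
}

int main(void)
{
    /* Constructed ClientHello: an export cipher listed ahead of the session's. */
    const char *const offered[] = { "EXP-RC4-MD5", "AES256-SHA" };
    printf("SSL_OP_ALL as shipped : resumed with %s\n",
           resumed_cipher(SSL_OP_ALL_ORIGINAL, "AES256-SHA", offered, 2));
    printf("SSL_OP_ALL as patched : resumed with %s\n",
           resumed_cipher(SSL_OP_ALL_FIXED, "AES256-SHA", offered, 2));
    return 0;
}
```

With the shipped mask the resumed session silently drops to the export cipher; with the patched mask it stays on AES256-SHA, and a client that no longer offers the session's cipher gets a full handshake instead of a downgrade.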