[users@httpd] CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]

2016-07-05 Thread Dirk-Willem van Gulik
Security Advisory - Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

X509 Client certificate based authentication can be bypassed when HTTP/2 is used

CVE-2016-4979

[us...@httpd] Re: slowloris mitigation

2010-04-15 Thread Dirk-Willem van Gulik
On 14 Apr 2010, at 22:46, Nick Kew wrote:
>
> Since then Stefan has given us mod_reqtimeout, which offers
> an alternative defence, and a more satisfactory approach.
> ..
> So what should we do with mod_noloris?
> (b) Keep it in trunk for the interested but keep it
>     out of released versions.

Re: [EMAIL PROTECTED] OCSP Module

2005-10-26 Thread Dirk-Willem van Gulik
On Tue, 25 Oct 2005, Jorge Redond Flames wrote:
> Does anybody know about an Online Certificate Status Protocol (OCSP)
> module for apache? I need to implement an OCSP responder and I had an idea:
> add an OCSP service as a module for apache

That may be the right place; though it may be better

Re: [users@httpd] Re: AuthType Digest

2005-05-24 Thread Dirk-Willem van Gulik
On Mon, 23 May 2005, Vicki Brown wrote:
> Left out of (or at least well hidden in) the information I found that
> discussed setting up webdav was the small but crucial fact that a digest
> password file has a different format and must be created with htdigest, not
> htpasswd.
>
> 'Twould have be