On Sun, Apr 13, 2014 at 07:21:26AM -0400, Nico Kadel-Garcia wrote:
> I'm assuming that the vulnerability for particular httpd (Apache 2.x)
> web servers is *only* activated when the "mod_ssl" module is loaded,
Yes. The server must perform TLS negotiation using a vulnerable
OpenSSL version. Data le
On Sat, Apr 12, 2014 at 10:08 PM, Ben Reser wrote:
> This specific issue lies in the implementation of a feature of the SSL/TLS
> protocols. Apache HTTP Servers running mod_ssl to provide SSL/TLS are
> vulnerable. While svnserve does support encryption via Cyrus SASL, and Cyrus
> SASL does use
