Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31 was released today. You can get it at the usual location: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004) *) With OpenSSL 0.9.7, prevent session resumption during a renegotiation to force the client to negotiate a new (and acceptable to mod_ssl) cipher suite. Additionally, ensure that a correct cipher suite has been negotiated afterwards (CAN-2004-0885). *) Fixed more printf(3) style format string bugs (not security related) which could crash the server if mod_ssl's trace or debug log level is enabled. Reproducible: Always Steps to Reproduce: 1. 2. 3.
*** This bug has been marked as a duplicate of 66807 ***