| Log Message: |
Fail if SSLInsecureRenegotiation is used with mod_ssl, CVE-2009-3555
is now approaching 15 years old.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLInsecureRenegotiation):
Fail if used.
(ssl_config_server_new, ssl_config_server_merge): Remove insecure
reneg handling.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Remove
insecure_reneg handling.
|
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml