Per Olausson wrote:
> >Phil Ehrens:
> >I just checked a couple different versions and did not see that
> >function.

> I posted a question about this to the apache security mailbox, but
> nobody responded. I guess that is inline with the policy for that
> mailbox even if I find it somewhat unhelpful, considering that SSL isn't
> completely a rarity when using Apache.
> The reason I am concerned is because mod_ssl indirectly references
> SSL_get_shared_ciphers. It is in use. You can see this if you use
> something like nm and grep for this function.
> So is mod_ssl vulnerable? Is the functionality insulated and not
> possible to trigger from the mod_ssl user scenario, or is it?
> If anyone have any ideas please let me know!

The symbol is not defined in mod_ssl on any of my Linux or Solaris
systems, all of which are running Apache-2.0.55. What version are
you looking at?
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl)
User Support Mailing List
Automated List Manager