5971ee662032d861024462a18f950e4eed4ab8ad - httpd

commit	5971ee662032d861024462a18f950e4eed4ab8ad	[log] [tgz]
author	Joe Orton <jorton@apache.org>	Thu May 09 09:05:38 2024 +0000
committer	Joe Orton <jorton@apache.org>	Thu May 09 09:05:38 2024 +0000
tree	26112bb1a27010ea0b7c9f2afbbbee7dc5ccfb6d
parent	ac774f7340bd1e2bb5ff092e27e75cd0051f7783 [diff]

Fail if SSLInsecureRenegotiation is used with mod_ssl, CVE-2009-3555
is now approaching 15 years old.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLInsecureRenegotiation):
  Fail if used.
  (ssl_config_server_new, ssl_config_server_merge): Remove insecure
  reneg handling.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Remove
  insecure_reneg handling.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917600 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_ssl.xml[diff]
modules/ssl/ssl_engine_config.c[diff]
modules/ssl/ssl_engine_init.c[diff]
modules/ssl/ssl_private.h[diff]

4 files changed