[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why no security update of apache2 concerning SSLv3?

On 2015-03-12 12:53:10 -0600, Bob Proulx wrote:
> The Debian default Apache2 configuration for ssl is in local-ssl and
> it configures the self-signed so called "snakeoil" certificates.

No, it is /etc/apache2/mods-available/ssl.conf, where you have the
SSLProtocol line, which is the line that needs to be modified.

> Anyone actually setting up SSL for secure public use *must* set a
> local configuration.

Yes, but the /etc/apache2/mods-available/ssl.conf file does *not* need
to be modified for that. The configuration concerning the certificate
and so on is under the /etc/apache2/sites-available directory.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: