Re: Why no security update of apache2 concerning SSLv3?
On 2015-03-12 12:53:10 -0600, Bob Proulx wrote:
> The Debian default Apache2 configuration for ssl is in local-ssl and
> it configures the self-signed so called "snakeoil" certificates.
No, it is /etc/apache2/mods-available/ssl.conf, where you have the
SSLProtocol line, which is the line that needs to be modified.
> Anyone actually setting up SSL for secure public use *must* set a
> local configuration.
Yes, but the /etc/apache2/mods-available/ssl.conf file does *not* need
to be modified for that. The configuration concerning the certificate
and so on is under the /etc/apache2/sites-available directory.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: