[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why no security update of apache2 concerning SSLv3?

On 2015-03-20 12:13:12 -0400, Gene Heskett wrote:
> On Friday 20 March 2015 08:45:13 Vincent Lefevre wrote:
> > No, it is not commented out. ./etc/apache2/mods-available/ssl.conf
> > in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains:
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >   SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
> 
> Call me confused.  And I do run my own web page from this machine.  URL 
> in sig.
> 
> First, there is no ~./etc/apache2/mods-available/ssl.conf, but there is a
> /etc/apache2/mods-available/ssl.conf

I was mentioning the file in the .deb package. It is

  ./etc/apache2/mods-available/ssl.conf

(no tilde). But since it is normally installed as relative to /
you obtain: /etc/apache2/mods-available/ssl.conf

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: