httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Akash Jain <>
Subject [users@httpd] Client Side negotiation
Date Fri, 11 Jan 2013 16:20:58 GMT
Hi All,

I have -MultiViews set and SSLInsecureNegotation off ( in ifmodule of
mod_ssl.c) in Apache.

But still vulnerability report says I am vulnerable to client side

Any pointers ?

The same configuration works on our TEST environments. THe only difference
is the build release versions.

The systems where it is vulnerable has 31 around release build and in our
TEST environment we have 53 release build version)

All on apache 2.2.3 (Oracle provided)

Thanks !

View raw message