Re: Netscape/OpenSSL Cipher Forcing Bug

2008-05-31 Thread Victor Duchovni
On Wed, May 28, 2008 at 03:37:06PM -0400, [EMAIL PROTECTED] wrote:
> A malicious legitimate client can enforce a ciphersuite not supported by
> the server to be used for a session between the client and the server. This
> can result in disclosure of sensitive information. If a malicious client is

Netscape/OpenSSL Cipher Forcing Bug

2008-05-29 Thread Sojanna . Mun
ecompile apache as well? Thanks for your help!

Netscape/OpenSSL Cipher Forcing Bug

THREAT: Netscape's SSLv3 implementation had a bug where if a SSLv3 connection is initially established, the first available cipher is used. If a session is resumed, a different cipher may be chosen if it appears