This just hit my radar: a successful attack on SSL (TLS 1.0) http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Apache httpd does not yet support TLS 1.1 or 1.2 (Per http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol) This looks ungood. (I don't see any defense.) I would love to be wrong on this one.. No word from Apache.org yet. I imagine they will need to add support for TLS 1.1 on an emergency basis. Aleksey _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
