Hi All, I have -MultiViews set and SSLInsecureNegotation off ( in ifmodule of mod_ssl.c) in Apache.
But still vulnerability report says I am vulnerable to client side negotiation. Any pointers ? The same configuration works on our TEST environments. THe only difference is the build release versions. The systems where it is vulnerable has 31 around release build and in our TEST environment we have 53 release build version) All on apache 2.2.3 (Oracle provided) Thanks !
