Hello,
I'm looking for an Open SSL 1.0.1s & apache 2.2.31 bundle to be protected against drown attacks (https://drownattack.com)
Open SSL 1.0.1s is already available, any idea when we can expect here the bundle Open SSL 1.0.1s & apache 2.2.31 ?
brgrds, Marc
Um, I'm not building 2.2 (which is VC9) with 1.0.1 anymore or hadn't planned on it. There seems no reason to.
The only VC9 PHP that will load as an Apache module is 5.4 and it requires Apache running OpenSSL 0.9.8, both of which are EOL.
I do plan to put up 2.2 with OpenSSL 1.0.2g however.
Explain the need for 2.2 with 1.0.1s and I may reconsider.
Hello Greg,
We try to protect some websites against drown atacks,
Min requirement was 1.0.1s or 1.0.2g
So 1.0.2g is ok for us