Two bugs in mod_sslhaf fixed

September 04, 2009

I fixed two bugs in mod_sslhaf (my passive SSL fingerprinting module for Apache; see my previous blog post for details), which means that you need to upgrade if you're using it:

Pure SSLv2 access was ignored due to a badly interpreted version number (SSLv2 uses a different byte order).
There was a problem with sites that do not use SSL, which would cause Apache to stall.

Everything seems to be in order now.

Tags: SSL sslhaf

Founder of Hardenize, because everyone deserves good internet security. Previously, founder of SSL Labs and ModSecurity; wrote Bulletproof TLS and PKI.

Hardenize Badge

Tags

Apache Apache Security BEAST BREACH Bulletproof SSL and TLS Business CRIME Canoe Computer Misuse Act DocBook Feisty Duck Firefox Forward Secrecy Humour IronBee IronBee Blog LibHTP Lua ModSecurity ModSecurity Blog ModSecurity Handbook MySQL Nginx Open Source OpenSSL OpenSSL Cookbook PCI POODLE Qualys RC4 SSL SSL Labs SSL Pulse Secure programming Security UK Web Application Firewalls Writing XSS sslhaf

Archive