« SSL Labs: a batch of small improvements | Main | SSL Threat Model »

Two bugs in mod_sslhaf fixed

September 04, 2009

I fixed two bugs in mod_sslhaf (my passive SSL fingerprinting module for Apache; see my previous blog post for details), which means that you need to upgrade if you're using it:

  1. Pure SSLv2 access was ignored due to a badly interpreted version number (SSLv2 uses a different byte order).
  2. There was a problem with sites that do not use SSL, which would cause Apache to stall.

Everything seems to be in order now.