Hello,

 

I am the one that started the updating Apache thread. Now I am being told by my security team that ssl is out of date. From what I have been told, the version of ssl needs to be 1.0.0e unless 0.9.8r is rebuilt per below:

 

OpenSSL 0.9.8r or earlier: 

Upgrade to 1.0.0e or rebuild 0.9.8r with the "no-ecdh" compile option only if the ECCdraft 

ciphersuites have been enabled as described in the OpenSSL Security Advisory

Any ideas as to when ssl will be updated to version 1.0.0e? 

Thanks for your continued help and awesome product you proide,

Gary