Apache Httpd < 2.0.53: SSLCipherSuite bypass

2004-10-01T00:00:00
ID HTTPD:BC7872A134B90EA9F5800CD80E6DDFAA
Type httpd
Reporter Apache Team Foundation
Modified 2005-02-08T00:00:00

Description

An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any cipher suite allowed by the virtual host configuration.
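To find configurations that depend on the behaviour described above, the following added example (not part of the original advisory and not Apache project code) scans httpd configuration text for `SSLCipherSuite` directives in directory or location context and pairs each with the server-level cipher spec that an affected version actually enforces. The function name `audit`, the constructed sample configuration, and the simplified parsing (no `Include` expansion or line continuations) are assumptions.

```python
import re

# Containers that put SSLCipherSuite in directory/location context.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch", "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>$")

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW:+EXP
    <Location /secure>
        SSLCipherSuite HIGH:!aNULL
    </Location>
</VirtualHost>
"""

def audit(conf_text):
    """List per-location cipher restrictions and the vhost spec that really applies."""
    stack, server_specs, hits = [], {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLOSE.match(line)
        if m:  # leave the innermost container if it matches
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:  # enter a container such as <VirtualHost> or <Location>
            stack.append((m.group(1).lower(), m.group(2).strip('"')))
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "sslciphersuite" or len(parts) < 2:
            continue
        spec = parts[1].strip().strip('"')
        vhost = next((a for n, a in stack if n == "virtualhost"), "main")
        scoped = [(n, a) for n, a in stack if n in PER_DIR]
        if scoped:  # restriction the advisory says can be bypassed
            hits.append((no, scoped[-1][0], scoped[-1][1], spec, vhost))
        else:       # server-level spec: what the client can actually negotiate
            server_specs[vhost] = spec
    return [{"line": no, "container": c, "target": t, "wanted": spec,
             "effective": server_specs.get(v, server_specs.get("main"))}
            for no, c, t, spec, v in hits]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On versions before 2.0.53, each entry marks a location whose `wanted` restriction cannot be relied on; an `effective` value of `None` means no server-level `SSLCipherSuite` was found in the scanned text.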