Versions of mod_ssl prior to 2.8.10 are subject to a single NULL overflow that can cause arbitrary code execution. In order to exploit this vulnerability, the Apache Web server has to be configured to ...

The mod_ssl v1 package was initially created in April 1998 by Ralf S. Engelschall via porting Ben Laurie 's Apache-SSL 1.17 source patches for Apache 1.2.6 to Apache 1.3b6.

Can anyone give me the rundown on Apache-SSL vs mod_ssl. I can't really get any solid comparisons anywhere other than the fact that mod_ssl is now integrated into the new Apache build.

Apple has issued a security briefing stating that the Apache/mod_ssl worm is nullified by Security Update 2002-08-23 for Mac OS X 10.2 (Jaguar) and Security Update 2002-08-02 for Mac OS X 10.1.5 ...

The Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library, which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security protocols.

# SSL Cipher Suite:# List the ciphers that the client is permitted to negotiate.# See the mod_ssl documentation for a complete list.SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA ...

If mod_ssl is not built against a version of OpenSSL which supports secure renegotiation, or if SSL is not in use for the current connection, the note is not set.

And would reinstalling mod_ssl be a possible solution? I know that's sort of a Windows attitude, but I'm really at a loss here. It's a little out of my league in terms of my past experience.