A vulnerability was discovered and corrected in apache:
Apache is affected by SSL injection or man-in-the-middle attacks
due to a design flaw in the SSL and/or TLS protocols. A short term
solution was released Sat Nov 07 2009 by the ASF team to mitigate
these problems. Apache will now reject in-session renegotiation
Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.
This update provides a solution to this vulnerability...