Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern: > So I'd say that we should go and add ECDHE support to Apache as > suggested and also patch OpenSSL for the OS X bug as the > fingerprinting landed upstream and we would merely replicate > current upstream behavior.
OK, sounds good. Kurt, if the openssl patch is like [1], it would require that apache2 is built against the updated version of openssl, due to the changed value of SSL_OP_ALL. Can you please ping me when you have uploaded the new package? Also, you should probably mention in the changelog that only recompiled applications get to use the workaround. Cheers, Stefan [1] http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2709305.3U5MXJiIa2@k