On 29.10.2014 11:41, Yann Ylavic wrote: > I chose to use (MD5 digest) all the IP:port from the s->addrs list > (ie. <VitualHost IP|*|_default_:port ...>), plus s->server_hostname > and s->port (ie. ServerName, be it configured or not, knowing that in > the latter case, apr_gethostname() is used fot the main server, and > the main server's one is used for the vhosts).
Just an observation on the digest you're proposing: while it doesn't seem necessary to proactively kill MD5 in httpd when it is used for non-crypto purposes (see also RFC 6151), I would prefer another digest algorithm being picked for new things (apr_sha1_* perhaps, considering that APR doesn't currently have SHA-2 support?). Kaspar
