On May 6, 2015 8:12 PM, "Noel Butler" <noel.but...@ausics.net> wrote: > > On 07/05/2015 09:22, William A Rowe Jr wrote: >> >> >> For trunk, I propose we drop TLSv1 and TLSv1.1 protocols and simply adopt the recommended cipher list illustrated below (!SSLv3) in the default extra/httpd-ssl.conf source, following the SHOULD recommendations. >> > > > > unless trunk is for the 2.6 release -1
Noel, that is precisely the purpose of trunk, always. The 'next' release. Might be 2.6, might be called 3.0. We cherry pick fixes to backport all the time, but trunk exists to shape the subsequent release. > Since we are told, every time the discussion of abandoning 2.2.x comes up, that too many distro's with LTS's and Enterprise versions still support and maintain these antique versions, many admins do also require those antique distro versions but elect to build current source of httpd, I would then "-1" for removal of tls 1.0/1.1 (unless for the new "major" release where I'd agree with it) - because if there systems are that old, they "may" very well have issues with the removal of them, since their overall system/ssl libs are going to also be antiques :) Which is where you should direct your attention to backport proposals, on 2.4 as well as 2.2, since these are now adopted by users.
