> -----Ursprüngliche Nachricht----- > Von: Helmut K. C. Tessarek [mailto:tessa...@evermeet.cx] > Gesendet: Mittwoch, 23. November 2016 23:12 > An: dev@httpd.apache.org > Betreff: Re: bug with SSLVerifyClient? > > On 2016-11-23 14:30, Ruediger Pluem wrote: > > You can still have that if you configure SSLVerify on virtual server > > layer, > > Right, no renegotiation necessary in that case. Makes sense, thanks. > > > but not on directory level. > > Well, apparently I can't have that now either. :-(
I agree that it should work with current TLS versions, but I have current no time to dig further. > > >> is functionality removed in new protocols? > > As far as I understand renegotiation has (and definitely had in the > > past) serious security issues. Hence it is removed. > > Ok, just out of curiosity: was the design flawed or the implementation? As it is changed in the SPEC it is a design problem, otherwise just the software implementing it would need to be fixed. Regards Rüdiger