Hi Stefan,

Submitted a PR with changes required to build with LibreSSL 2.6 and
2.7 https://bz.apache.org/bugzilla/show_bug.cgi?id=62236

Cheers, Bernard.

2018-03-31 10:34 GMT+02:00 Bernard Spil <br...@freebsd.org>:
> Hi Stefan,
>
> Sure I'm here :D Have been the maintainer of the LibreSSL ports in
> FreeBSD for a good while and more recently joined the apache@ team.
>
> I'll let you know my results. I have an OpenSSL 1.1.1 port in the
> making so I can test all of this long before it lands in a release.
>
> Cheers, Bernard.
>
> 2018-03-28 17:49 GMT+02:00 Stefan Eissing <stefan.eiss...@greenbytes.de>:
>> Just added TLSv1.3 support in trunk. No fancy new early data features,
>> just the basic.
>>
>> Open for discussion:
>>  - The Mozilla server-side-tls people are still thinking of what they
>>    will recommend, see:
>>    https://github.com/mozilla/server-side-tls/issues/191#issuecomment-376918933
>>  - Turns out, cipher suites are separate from <= TLSv1.2. Since servers
>>    will co-host 1.2 and 1.3 for some time, we need additional config
>>    directives, I think. Added "SSLCipherSuiteV1_3" and am ashamed of
>>    the name.
>>  - The current handling of TLS versions that are not supported by the
>>    *SSL lib linked is not super helpful. It more or less pretends that
>>    the version does not exist (unknown protocol), but that is far from
>>    the truth. Shall we continue that or is this an opportunity to
>>    reconsider?
>>  - Should we allow the configuration of TLSv1_3 ciphers, even if the
>>    linked SSL does not support it? This is different from SSLProtocol
>>    which of course needs to fail if it cannot enable the version that
>>    is explicitly configured.
>>    I think it is ok to take it into the config, even though it never
>>    activates.
>>
>> Cheers,
>>
>> Stefan
>>
>> PS. If a FreeBSD libressl+apache maintainer is listening here, he may
>> try if trunk compiles with it. I would not stop him.
>>
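
The point in the quoted message that TLSv1.3 cipher suites are configured separately from those for <= TLSv1.2 can be observed from Python's `ssl` module, which wraps OpenSSL. This is an added example, not code from the thread or from mod_ssl; the cipher string `ECDHE+AESGCM` and the helper names are constructed for illustration, and a Python linked against an OpenSSL with TLSv1.3 support is assumed.

```python
import ssl


def split_suites(ctx):
    """Return (tls13_names, legacy_names) currently enabled on ctx."""
    tls13, legacy = [], []
    for cipher in ctx.get_ciphers():
        bucket = tls13 if cipher["protocol"] == "TLSv1.3" else legacy
        bucket.append(cipher["name"])
    return tls13, legacy


def apply_legacy_cipher_string(cipher_string):
    """Apply a <= TLSv1.2 cipher string and report what it changed.

    set_ciphers() feeds the string to OpenSSL's cipher list, which only
    governs suites for TLSv1.2 and below. The TLSv1.3 suites live in a
    separate list and stay enabled, which is why a server that restricts
    only the legacy list still offers every default TLSv1.3 suite.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    tls13_before, legacy_before = split_suites(ctx)
    ctx.set_ciphers(cipher_string)
    tls13_after, legacy_after = split_suites(ctx)
    return {
        "legacy_before": legacy_before,
        "legacy_after": legacy_after,
        "tls13_after": tls13_after,
        "tls13_unchanged": set(tls13_before) == set(tls13_after),
    }


if __name__ == "__main__":
    # Constructed sample policy: forward-secret AES-GCM suites only.
    report = apply_legacy_cipher_string("ECDHE+AESGCM")
    print("linked library:", ssl.OPENSSL_VERSION)
    print("legacy suites before:", len(report["legacy_before"]))
    print("legacy suites after: ", report["legacy_after"])
    print("TLSv1.3 suites after:", report["tls13_after"])
    print("TLSv1.3 list untouched:", report["tls13_unchanged"])
```
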
