Just a short explanation: triggered by logjam I wanted to improve DH
ephemeral key handling in tcnative. I had the BZ issue on my watch list
and knew that mod_ssl had already improved a lot in that area.
When looking at tcnative I noticed, that trunk now is no longer just an
old fork one could reset without loosing much. Instead it has nice new
features written and used by Mark to support HTTP/2 (SNI and ALPN) in TC
trunk. So I went the hard way and went through all changes between 1.1
and trunk to decide, in which direction to merge or whether a difference
should be kept.
If you go through the commits, then you will notice that by far most of
the changes are ports from 1.1 to trunk. I tried to keep the risk for
the ports in the other direction small, but I can't guarantee I haven't
broken anything. The biggest change to 1.1 is DH ephemeral key handling.
I will at run the TC unit tests next.
All functional changes in trunk now have a changelog entry there. I have
a few open points in the SSL area I will try to work on, but things will
slow down now and some of that might be trunk only.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
