Hello, folks; hopefully this is the correct form for this question. I'm running an Apache server under SLES21 SP3, and I'm trying to get mod_nss to utilize the 'extended_master_secret' extension described by RFC 7627.
Misc versions of packages on this platform: foo:~ # rpm -qa | grep nss libopenssl1_0_0-1.0.2j-60.55.1.x86_64 mozilla-nss-certs-3.45-58.31.1.x86_64 mozilla-nss-3.45-58.31.1.x86_64 mozilla-nss-tools-3.45-58.31.1.x86_64 libopenssl1_0_0-32bit-1.0.2j-60.55.1.x86_64 apache2-mod_nss-1.0.14-19.6.3.x86_64 insserv-compat-0.1-13.1.noarch openssh-7.2p2-74.54.1.x86_64 openssh-helpers-7.2p2-74.54.1.x86_64 openssl-1.0.2j-60.55.1.x86_64 openssh-askpass-1.2.4.1-7.5.x86_64 I've confirmed the underlying mozilla-nss version does support this extension. But, I can't seem to get a mod_nss config file to do so. My understanding is the underlying NSS SSL_OptionSet macro is SSL_ENABLE_EXTENDED_MASTER_SECRET, but I can't find a config file directive to engage this. Does apache2-mod_nss-1.0.14 allow for some means of supporting this extension? -- Brian Reichert <[email protected]> BSD admin/developer at large _______________________________________________ Mod_nss-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/mod_nss-list
