Re: svn commit: r1585090 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c

2014-04-18 Thread Kaspar Brand
Sorry for being late with my reply. On 16.04.2014 16:00, Yann Ylavic wrote: Before this commit, the client knew it was not reaching any vhost by receiving an SSL alert (warning), and could stop. In practice, most SNI-capable clients have ignored these warning-level alerts (which is completely

Re: svn commit: r1585090 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c

2014-04-18 Thread Yann Ylavic
On Fri, Apr 18, 2014 at 10:34 AM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 16.04.2014 16:00, Yann Ylavic wrote: Before this commit, the client knew it was not reaching any vhost by receiving an SSL alert (warning), and could stop. In practice, most SNI-capable clients have ignored

DH params and multiple certificates in one VHost

2014-04-18 Thread Falco Schwarz
As of httpd-2.4.7 the strength of DH temp keys is determined by the private key's bit length. I recently noticed the following behavior (using httpd-2.4.9 and openssl-1.0.2-beta2-dev): I am using multiple certificates for one VHost (ECC and RSA): SSLCertificateFile

Re: DH params and multiple certificates in one VHost

2014-04-18 Thread Daniel Kahn Gillmor
On 04/18/2014 08:34 AM, Falco Schwarz wrote: As of httpd-2.4.7 the strength of DH temp keys is determined by the private key's bit length. I recently noticed the following behavior (using httpd-2.4.9 and openssl-1.0.2-beta2-dev): I am using multiple certificates for one VHost (ECC and RSA):

Re: DH params and multiple certificates in one VHost

2014-04-18 Thread Reindl Harald
On 18.04.2014 14:34, Falco Schwarz wrote: As of httpd-2.4.7 the strength of DH temp keys is determined by the private key's bit length. I recently noticed the following behavior (using httpd-2.4.9 and openssl-1.0.2-beta2-dev): I am using multiple certificates for one VHost (ECC and RSA):

Re: mod_rewrite/proxy UDS issues

2014-04-18 Thread Yann Ylavic
On Tue, Feb 25, 2014 at 6:18 PM, Yann Ylavic ylavic@gmail.com wrote: On Tue, Feb 25, 2014 at 4:21 PM, Jim Jagielski j...@jagunet.com wrote: Of course, this doesn't mean that Yann should wait for me... you seem to have a good grasp. I'm coming back here... After spending some time on this

Re: mod_rewrite/proxy UDS issues

2014-04-18 Thread Yann Ylavic
Patch inline. Index: modules/proxy/mod_proxy.h === --- modules/proxy/mod_proxy.h(revision 1588466) +++ modules/proxy/mod_proxy.h(working copy) @@ -605,23 +605,60 @@ typedef __declspec(dllimport) const char * /* Connection

mod_proxy_connect poll() loop

2014-04-18 Thread Yann Ylavic
Hello, shouldn't mod_proxy_connect's transfer loop be modified like mod_proxy_wstunnel's one, since the latter has new fixes in 2.4.10 and the former still uses the old code? Also, it could benefit from socket_callback improvements (and current coverner's work) that are already in wstunnel, to

Re: mod_rewrite/proxy UDS issues

2014-04-18 Thread Yann Ylavic
On Fri, Apr 18, 2014 at 5:57 PM, Yann Ylavic ylavic@gmail.com wrote: Patch inline. Index: modules/proxy/proxy_util.c === --- modules/proxy/proxy_util.c(revision 1588466) +++ modules/proxy/proxy_util.c(working copy)

Re: mod_proxy ping and 100-continue (was Re: NOTE: Intent to TR 2.2.6 tomorrow)

2014-04-18 Thread Yann Ylavic
On Fri, Apr 4, 2014 at 7:52 PM, Jim Jagielski j...@jagunet.com wrote: Is there any way to accomplish w/o using notes? It's not that they are especially slow, it's just that they aren't that fast and, iirc, this could be a tight path. Simpler solution committed in r1588519. We don't have to

Re: mod_proxy duplicated its headers on next balancer's worker or 100-continue ping retries

2014-04-18 Thread Yann Ylavic
Thanks for your comments. Committed in r1588527. On Fri, Apr 4, 2014 at 11:39 PM, Yann Ylavic ylavic@gmail.com wrote: On Fri, Apr 4, 2014 at 8:38 PM, Ruediger Pluem rpl...@apache.org wrote: Why can't we fix that directly in ap_proxy_create_hdrbrgd? Actually we can, and that's indeed a

Re: Any reason why building with OpenSSL shouldn't add its lib dir to rpath?

2014-04-18 Thread Rainer Jung
Hi Jeff, On 14.04.2014 13:08, Jeff Trawick wrote: (not to say there aren't complications, like trying to keep system directories out of rpath) See a related discussion from 2011 RUNPATH for module dependencies on Unix/Linux e.g. here: http://markmail.org/message/guastewy5uvn36s7 Joe had some

Re: svn commit: r1588544 - in /httpd/httpd/trunk/modules: mappers/mod_rewrite.c proxy/mod_proxy.c proxy/proxy_util.c

2014-04-18 Thread Jim Jagielski
This is based on my testing in CentOS and OSX, and it's because when using a note, we need to generate a key, and thus we need to go thru each char of the key string; it's quicker to instead check 6 chars for equiv. I saw no regressions... but more eyes will help in verifying/confirming that :)

Re: DH params and multiple certificates in one VHost

2014-04-18 Thread Falco Schwarz
On Fri, Apr 18, 2014 at 4:04 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: Looking at the code, it appears that ssl_callback_TmpDH() in modules/ssl/ssl_engine_kernel.c doesn't try to match ECC keys at all -- this probably needs to be updated. That was also my conclusion. It kinda