Using TLS1.3 With OpenSSL - OpenSSL Blog

2017-05-04 Thread Stefan Eissing
Looks like almost all our users will need to reconfigure their cipher suites, once we ship 2.4.26 and they install OpenSSL 1.1.x: "If you explicitly configure your ciphersuites then care should be taken to ensure that you are not inadvertently excluding all TLSv1.3 compatible ciphersuites."

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

2017-05-04 Thread Jacob Champion
[crossposting dev@ and docs@] On 05/04/2017 04:55 PM, jchamp...@apache.org wrote: Author: jchampion Date: Thu May 4 23:55:48 2017 New Revision: 1793940 URL: http://svn.apache.org/viewvc?rev=1793940=rev Log: override index: add deps and exclude from all-modules list I found it a little weird

MIL CAC and mod_ssl for httpd 2.4.6

2017-05-04 Thread doug
Afternoon all, We have a setup where we have to use MIL CAC's to access our site. It currently works with SSLVerifyClient require and SSLVerifyDepth 10, but we want to limit what the users see to just of the certs that is presented. We tried changing the VerifyDepth to 1 and removed all the

Re: Fixing more OpenSSL callback crashes

2017-05-04 Thread Ruediger Pluem
On 05/04/2017 05:47 PM, Jacob Champion wrote:
> On 05/03/2017 11:25 PM, Ruediger Pluem wrote:
>> Just as a heads up as I currently don't have time to investigate further. I get the below on CentOS 6.9 64 bit, which puzzles me a little bit as I would expect the errno addresses to be

Re: Fixing more OpenSSL callback crashes

2017-05-04 Thread Jacob Champion
On 05/04/2017 09:39 AM, Jacob Champion wrote: On 05/04/2017 09:36 AM, William A Rowe Jr wrote: Ugh... This suggests we've further broken crosscompile, just noticed this based on your comment. Why? Cross-compilation uses the same fallback mechanism. To expand on this, there are three choices

Re: Fixing more OpenSSL callback crashes

2017-05-04 Thread Jacob Champion
On 05/04/2017 09:36 AM, William A Rowe Jr wrote: Ugh... This suggests we've further broken crosscompile, just noticed this based on your comment. Why? Cross-compilation uses the same fallback mechanism. If a user doesn't like the conservative choice, he/she should set the cachevars to

Re: Fixing more OpenSSL callback crashes

2017-05-04 Thread William A Rowe Jr
On May 4, 2017 10:47 AM, "Jacob Champion" wrote:
On 05/03/2017 11:25 PM, Ruediger Pluem wrote:
> Just as a heads up as I currently don't have time to investigate further. I get the below on CentOS 6.9 64 bit, which puzzles me a little bit as I would expect the errno

Re: Fixing more OpenSSL callback crashes

2017-05-04 Thread Jacob Champion
On 05/03/2017 11:25 PM, Ruediger Pluem wrote: Just as a heads up as I currently don't have time to investigate further. I get the below on CentOS 6.9 64 bit, which puzzles me a little bit as I would expect the errno addresses to be different in different threads on my OS. [Thu May 04

Re: SSL and Usability and Safety

2017-05-04 Thread Stefan Eissing
> On 03.05.2017 at 15:46, Issac Goldstand wrote:
>
> On 5/3/2017 4:28 PM, Stefan Eissing wrote:
>>
>>> On 03.05.2017 at 15:22, Dirk-Willem van Gulik wrote:
>>> On 3 May 2017, at 15:14, Issac Goldstand wrote:

Re: Fixing more OpenSSL callback crashes

2017-05-04 Thread Ruediger Pluem
On 04/19/2017 05:54 PM, Jacob Champion wrote:
> On 04/12/2017 11:34 AM, Jacob Champion wrote:
>> It's probably worth noting at this point that, even if is unsafe:
>>
>> - Windows and BeOS users are still handled explicitly by default in 1.0.x.
>> - If OpenSSL still provides the deprecated