Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-08 Thread Michael Felt
I never assume it is easy. As far as AIX goes, it would be "easier" for me, as a packager to ignore AIX 5.3. But, for now, what I package for AIX 5.3 (TL7 and later) also works on AIX 6.1 and AIX 7.1 - unchanged. Getting people to update is hard. Some do it automatically - proud to be bleeding edg

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-08 Thread William A Rowe Jr
FWIW... On Fri, May 8, 2015 at 2:16 AM, Michael Felt wrote: > From my perspective - as a simple packager (re: openssl - old versions) I > run into the problem of only being able to get to 0.9.8.k (AIX 5.3 TL12) > So, an operating system that has been unsupported for the past 2 years, check...

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-08 Thread Michael Felt
From my perspective - as a simple packager (re: openssl - old versions) I run into the problem of only being able to get to 0.9.8.k (AIX 5.3 TL12). With AIX 6.1 and 7.1 it would be openssl-1.0.0(something - do not know by memory what patchlevel IBM openssl.base is at). Personally, I am going to lo

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-07 Thread Yann Ylavic
+1 On Thu, May 7, 2015 at 6:45 PM, William A Rowe Jr wrote: > Looking at the proposals in RFC 7525, I'm thinking this is a good time to > re-sync > httpd to these guidelines, even if it defers these releases by a week. > WDYT? > > Bill > > On Fri, May 1, 2015 at 6:42 AM, Jim Jagielski wrote: >>

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-07 Thread William A Rowe Jr
Looking at the proposals in RFC 7525, I'm thinking this is a good time to re-sync httpd to these guidelines, even if it defers these releases by a week. WDYT? Bill On Fri, May 1, 2015 at 6:42 AM, Jim Jagielski wrote: > Yeah... I was gonna propose that once I had the weekend > to take a more in-

Re: Possible mod_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)

2015-05-07 Thread Yann Ylavic
On Tue, May 5, 2015 at 3:14 PM, Yann Ylavic wrote: > > *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by > allowing custom parameters to be configured via SSLCertificateFile, > and by adding standardized DH parameters for 1024/2048/3072/4096 bits. > Unless custom param

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-05 Thread William A Rowe Jr
On May 5, 2015 4:31 PM, "olli hauer" wrote: > > Perhaps it is also a good time to kick SSLv2 support from 2.2.x ;) We are deliberately not that disruptive to users. Our goal is to push more secure code at users, but not at the risk of their electing to not update, due to such blunt force. A sub

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-05 Thread olli hauer
On 2015-05-05 15:03, Yann Ylavic wrote: > On Thu, Apr 30, 2015 at 11:52 PM, William A Rowe Jr > wrote: >> >> Concerns / observations / thoughts? > > I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327) > for backport to 2.2.x (in reverse order): > > *) mod_ssl: Fix tmp DH para

Re: Possible mod_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)

2015-05-05 Thread Eric Covener
On Tue, May 5, 2015 at 3:06 PM, Hanno Böck wrote: > I haven't used apache 2.2, but isn't OCSP stapling support still > missing there? > > I think if you're already working on backporting important TLS features > that should certainly go with them. My own line for 2.2 would be drawn somewhere bet

Re: Possible mod_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)

2015-05-05 Thread Hanno Böck
I haven't used apache 2.2, but isn't OCSP stapling support still missing there? I think if you're already working on backporting important TLS features that should certainly go with them. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

Re: Possible mod_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)

2015-05-05 Thread Yann Ylavic
Please note that the primes constants in modules/ssl/ssl_engine_dh.c are from openssl/crypto/bn/bn_const.c. FWIW, attached is a (stripped) diff between the two files that shows constants are the same... On Tue, May 5, 2015 at 7:12 PM, Yann Ylavic wrote: > Possible backport patch attached. > > On

Re: Possible mod_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)

2015-05-05 Thread Yann Ylavic
Possible backport patch attached. On Tue, May 5, 2015 at 3:14 PM, Yann Ylavic wrote: > I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327) > for backport to 2.2.x (in reverse order): > > *) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer > larger keys and su

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-05 Thread William A Rowe Jr
On Tue, May 5, 2015 at 8:08 AM, Eric Covener wrote: > On Tue, May 5, 2015 at 9:03 AM, Yann Ylavic wrote: > > But is there real 2.2.x user with OpenSSL < 0.9.8a? > > I'm no expert (we use a proprietary toolkit and SSL module where I > spend most of my time), but that seems like quite an extreme t

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-05 Thread Yann Ylavic
_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)". Thanks. .

Possible mod_ssl's backports to 2.2.x? (was: Looking ahead to 2.4.13 / 2.2.30)

2015-05-05 Thread Yann Ylavic
I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327) for backport to 2.2.x (in reverse order): *) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer larger keys and support up to 8192-bit keys. [Ruediger Pluem, Joe Orton] *) mod_ssl: Improve handling of

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-05 Thread Eric Covener
On Tue, May 5, 2015 at 9:03 AM, Yann Ylavic wrote: > But is there real 2.2.x user with OpenSSL < 0.9.8a? I'm no expert (we use a proprietary toolkit and SSL module where I spend most of my time), but that seems like quite an extreme thing to preserve in 2.2.x. Maybe worth a separate thread thoug

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-05 Thread Yann Ylavic
On Thu, Apr 30, 2015 at 11:52 PM, William A Rowe Jr wrote: > > Concerns / observations / thoughts? I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327) for backport to 2.2.x (in reverse order): *) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer larger keys a

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-04 Thread Ben Reser
On 5/4/15 7:40 AM, Brian J. France wrote: > While you are in mod_dav, could you review these patches and see if it makes > sense to add them? > > httpd-2.2.x : > http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.22 > httpd-2.4.x : > http://www.brianfrance.com/software/apache/dav/mo

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-04 Thread Brian J. France
While you are in mod_dav, could you review these patches and see if it makes sense to add them? httpd-2.2.x : http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.22 httpd-2.4.x : http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.24 We have been running these for a while a

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-03 Thread Ben Reser
On 5/3/15 8:05 AM, Jim Jagielski wrote: > Thx! > >> On May 1, 2015, at 3:29 PM, Ben Reser wrote: >> >> On 4/30/15 2:52 PM, William A Rowe Jr wrote: >>> It seems that we have 2 groups of good things to come out of ApacheCon, >>> some immediate fixes for things like BSD project efforts, some pretty

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-03 Thread Jim Jagielski
Thx! > On May 1, 2015, at 3:29 PM, Ben Reser wrote: > > On 4/30/15 2:52 PM, William A Rowe Jr wrote: >> It seems that we have 2 groups of good things to come out of ApacheCon, >> some immediate fixes for things like BSD project efforts, some pretty >> straightforward defects that have been resol

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-02 Thread Ben Reser
On 4/30/15 2:52 PM, William A Rowe Jr wrote: > It seems that we have 2 groups of good things to come out of ApacheCon, > some immediate fixes for things like BSD project efforts, some pretty > straightforward defects that have been resolved... and then there's a bunch > of energy about enhancements

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-01 Thread Jim Jagielski
Yeah... I was gonna propose that once I had the weekend to take a more in-depth look at 2.4... But I am +1 for a release v. soon. Yeah, I'll RM 2.4 > On Apr 30, 2015, at 5:52 PM, William A Rowe Jr wrote: > > On Thu, Apr 2, 2015 at 4:46 PM, William A. Rowe Jr. > wrote: > On Tue, 31 Mar 2015 10:

Looking ahead to 2.4.13 / 2.2.30

2015-04-30 Thread William A Rowe Jr
On Thu, Apr 2, 2015 at 4:46 PM, William A. Rowe Jr. wrote: > On Tue, 31 Mar 2015 10:49:47 -0400 > Jim Jagielski wrote: > > > BTW: Would it make sense to consider a release of 2.4.13 in April > > to coincide w/ ApacheCon? > > We've historically produced a release at the beginning of the con. > It