Since parts of the changes in mod_ssl for SSLPolicy have now been affected
by changes for TLSv1.3 and there has not been real interest in backporting
SSLPolicy this year anyway, I withdraw the proposal.
The TLSv1.3 changes are not fit for backport since I was unable to verify
that my fixes to clie
Thanks for the review! I will take this and clean up the code, mod_ssl
certainly deserves it.
> Am 23.05.2018 um 09:51 schrieb Joe Orton :
>
> Easier to do here than dump in STATUS; looking at reviewing the 2.4.x
> backport:
>
> https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/ssl-po
> Am 14.08.2017 um 17:14 schrieb Eric Covener :
>
>> I hope this looks attractive to you. All bugs are mine. Let me know what you
>> think.
>
> It looks neat. I think accessible doc will be key.
This is now addressed in v3 (attached below): I added DUMP code that lists all
dfined SSLPolicy r
Woah! I just read ssl_init_ctx_protocol()...that's... quite something.
So, basically, what our SSLProtocol does is
- select the proper _new() variant for the SSL_CTX_new()
- disable known protocol versions not set in our bitmask
- set the max protocol version based on our bitmask
What does that m
Am 14.08.2017 um 17:14 schrieb Eric Covener :
>> I hope this looks attractive to you. All bugs are mine. Let me know what you
>> think.
>
> It looks neat. I think accessible doc will be key.
yes. I was thinking of generating, but had no bright idea so far.
> But for the sake of discussion,
> I hope this looks attractive to you. All bugs are mine. Let me know what you
> think.
It looks neat. I think accessible doc will be key.
But for the sake of discussion, what will we do / what will
distributors do when say TLS1.3 or some esoteric part of it is only
available in some SSL toolki
acros in the ssl section.'
> --
> Daniel Ruggeri
>
> From: Luca Toscano
> Sent: August 4, 2017 6:38:16 AM CDT
> To: Apache HTTP Server Development List ,
> nickgea...@gmail.com
> Subject: Re: SSLPolicy
>
> Hi Nick,
>
> 2017-08-04 13:06 GMT+02:00 Nick Gearls :
> Am 04.08.2017 um 23:28 schrieb William A Rowe Jr :
>
> On Fri, Aug 4, 2017 at 4:26 AM, Stefan Eissing
> wrote:
>> I talked about some kind of SSL Policy definition in httpd's configuration
>> in the past and am now about to get serious about it. Here is what I wan to
>> do:
>>
>> Recap: the g
:38:16 AM CDT
> *To:* Apache HTTP Server Development List ,
> nickgea...@gmail.com
> *Subject:* Re: SSLPolicy
>
> Hi Nick,
>
> 2017-08-04 13:06 GMT+02:00 Nick Gearls :
>
>> This can be done using mod_macro without any additional code
>
>
> my 2c: Stefan's
ugust 4, 2017 6:38:16 AM CDT
To: Apache HTTP Server Development List ,
nickgea...@gmail.com
Subject: Re: SSLPolicy
Hi Nick,
2017-08-04 13:06 GMT+02:00 Nick Gearls :
> This can be done using mod_macro without any additional code
my 2c: Stefan's point is to simplify the management of thi
On Fri, Aug 4, 2017 at 4:26 AM, Stefan Eissing
wrote:
> I talked about some kind of SSL Policy definition in httpd's configuration
> in the past and am now about to get serious about it. Here is what I wan to
> do:
>
> Recap: the general idea is
> 2. Provide a set of already defined policies that
On 08/04/2017 04:38 AM, Luca Toscano wrote:
I agree that mod_macro is flexible enough to improve the reusability of
httpd's configuration, but I don't think that the goals that Stefan has
in mind are satisfiable with your proposed solution.
If we find ourselves doing more of this syntactic sug
Hi Nick,
2017-08-04 13:06 GMT+02:00 Nick Gearls :
> This can be done using mod_macro without any additional code
my 2c: Stefan's point is to simplify the management of things that have
been done up to now using workarounds and elegant hacks:
> On 04-08-2017 11:26, Stefan Eissing wrote:
>>
>>
This can be done using mod_macro without any additional code
On 04-08-2017 11:26, Stefan Eissing wrote:
I talked about some kind of SSL Policy definition in httpd's configuration
in the past and am now about to get serious about it. Here is what I wan to
do:
Recap: the general idea is
1. Give a
14 matches
Mail list logo