Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-18 Thread Joe Orton
On Fri, May 15, 2020 at 11:20:51PM +0200, Yann Ylavic wrote:
> On Fri, May 15, 2020 at 8:59 PM Ruediger Pluem wrote:
> >
> > On 5/15/20 6:50 PM, Yann Ylavic wrote:
> > >
> > > Somehow this change (bisected) broke many framework tests for me:
> > > t/ssl/* and t/security/CVE-*, the ones using

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-15 Thread Yann Ylavic
On Fri, May 15, 2020 at 8:59 PM Ruediger Pluem wrote:
>
> On 5/15/20 6:50 PM, Yann Ylavic wrote:
> >
> > Somehow this change (bisected) broke many framework tests for me:
> > t/ssl/* and t/security/CVE-*, the ones using mod_ssl I suppose.
> > This is with openssl 1.1.1, and "SSLProtocol all

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-15 Thread Ruediger Pluem
On 5/15/20 6:50 PM, Yann Ylavic wrote:
> On Tue, May 5, 2020 at 2:40 PM wrote:
>>
>> Author: jorton
>> Date: Tue May 5 12:40:38 2020
>> New Revision: 1877397
>>
>> URL: http://svn.apache.org/viewvc?rev=1877397=rev
>> Log:
>> mod_ssl: Switch to using SSL_OP_NO_RENEGOTIATION (where available) to

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-15 Thread Yann Ylavic
On Tue, May 5, 2020 at 2:40 PM wrote: > > -/* With TLS 1.3 this callback may be called multiple times on the first > - * negotiation, so the below logic to detect renegotiations can't work. > - * Fortunately renegotiations are forbidden starting with TLS 1.3, and > - * this is

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-15 Thread Yann Ylavic
On Tue, May 5, 2020 at 2:40 PM wrote:
>
> Author: jorton
> Date: Tue May 5 12:40:38 2020
> New Revision: 1877397
>
> URL: http://svn.apache.org/viewvc?rev=1877397=rev
> Log:
> mod_ssl: Switch to using SSL_OP_NO_RENEGOTIATION (where available) to
> block client-initiated renegotiation with TLSv1.2

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-05 Thread Ruediger Pluem
On 5/5/20 6:04 PM, Joe Orton wrote:
> On Tue, May 05, 2020 at 03:23:18PM +0200, Ruediger Pluem wrote:
>> On 5/5/20 2:40 PM, jor...@apache.org wrote:
>>> Author: jorton
>>> Date: Tue May 5 12:40:38 2020
>>> New Revision: 1877397
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1877397=rev
>>> Log:

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-05 Thread Joe Orton
On Tue, May 05, 2020 at 03:23:18PM +0200, Ruediger Pluem wrote:
> On 5/5/20 2:40 PM, jor...@apache.org wrote:
> > Author: jorton
> > Date: Tue May 5 12:40:38 2020
> > New Revision: 1877397
> >
> > URL: http://svn.apache.org/viewvc?rev=1877397=rev
> > Log:
> > mod_ssl: Switch to using

Re: svn commit: r1877397 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h modules/ssl/ssl_util_ssl.c

2020-05-05 Thread Ruediger Pluem
On 5/5/20 2:40 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Tue May 5 12:40:38 2020
> New Revision: 1877397
>
> URL: http://svn.apache.org/viewvc?rev=1877397=rev
> Log:
> mod_ssl: Switch to using SSL_OP_NO_RENEGOTIATION (where available) to
> block client-initiated renegotiation with