On Fri, May 15, 2020 at 11:20:51PM +0200, Yann Ylavic wrote:
> On Fri, May 15, 2020 at 8:59 PM Ruediger Pluem wrote:
> >
> > On 5/15/20 6:50 PM, Yann Ylavic wrote:
> > >
> > > Somehow this change (bisected) broke many framework tests for me:
> > > t/ssl/* and t/security/CVE-*, the ones using
On Fri, May 15, 2020 at 8:59 PM Ruediger Pluem wrote:
>
> On 5/15/20 6:50 PM, Yann Ylavic wrote:
> >
> > Somehow this change (bisected) broke many framework tests for me:
> > t/ssl/* and t/security/CVE-*, the ones using mod_ssl I suppose.
> > This is with openssl 1.1.1, and "SSLProtocol all
On 5/15/20 6:50 PM, Yann Ylavic wrote:
> On Tue, May 5, 2020 at 2:40 PM wrote:
>>
>> Author: jorton
>> Date: Tue May 5 12:40:38 2020
>> New Revision: 1877397
>>
>> URL: http://svn.apache.org/viewvc?rev=1877397=rev
>> Log:
>> mod_ssl: Switch to using SSL_OP_NO_RENEGOTATION (where available) to
On Tue, May 5, 2020 at 2:40 PM wrote:
>
> -/* With TLS 1.3 this callback may be called multiple times on the first
> - * negotiation, so the below logic to detect renegotiations can't work.
> - * Fortunately renegotiations are forbidden starting with TLS 1.3, and
> - * this is
On Tue, May 5, 2020 at 2:40 PM wrote:
>
> Author: jorton
> Date: Tue May 5 12:40:38 2020
> New Revision: 1877397
>
> URL: http://svn.apache.org/viewvc?rev=1877397=rev
> Log:
> mod_ssl: Switch to using SSL_OP_NO_RENEGOTATION (where available) to
> block client-initiated renegotiation with TLSv1.2
On 5/5/20 6:04 PM, Joe Orton wrote:
> On Tue, May 05, 2020 at 03:23:18PM +0200, Ruediger Pluem wrote:
>> On 5/5/20 2:40 PM, jor...@apache.org wrote:
>>> Author: jorton
>>> Date: Tue May 5 12:40:38 2020
>>> New Revision: 1877397
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1877397=rev
>>> Log:
On Tue, May 05, 2020 at 03:23:18PM +0200, Ruediger Pluem wrote:
> On 5/5/20 2:40 PM, jor...@apache.org wrote:
> > Author: jorton
> > Date: Tue May 5 12:40:38 2020
> > New Revision: 1877397
> >
> > URL: http://svn.apache.org/viewvc?rev=1877397=rev
> > Log:
> > mod_ssl: Switch to using
On 5/5/20 2:40 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Tue May 5 12:40:38 2020
> New Revision: 1877397
>
> URL: http://svn.apache.org/viewvc?rev=1877397=rev
> Log:
> mod_ssl: Switch to using SSL_OP_NO_RENEGOTATION (where available) to
> block client-initiated renegotiation with