From my perspective - as a simple packager (re: openssl - old versions) I
run into the problem of only being able to get to 0.9.8.k (AIX 5.3 TL12).
With AIX 6.1 and 7.1 it would be openssl-1.0.0(something - do not know by
memory what patchlevel IBM openssl.base is at). Personally, I am going to
I never assume it is easy. As far as AIX goes, it would be easier for me,
as a packager to ignore AIX 5.3. But, for now, what I package for AIX 5.3
(TL7 and later) also works on AIX 6.1 and AIX 7.1 - unchanged.
Getting people to update is hard. Some do it automatically - proud to be
bleading
FWIW...
On Fri, May 8, 2015 at 2:16 AM, Michael Felt mamf...@gmail.com wrote:
From my perspective - as a simple packager (re: openssl - old versions) I
run into the problem of only being able to get to 0.9.8.k (AIX 5.3 TL12)
So, an operating system that has been unsupported for the past 2
On Tue, May 5, 2015 at 3:14 PM, Yann Ylavic ylavic@gmail.com wrote:
*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
+1
On Thu, May 7, 2015 at 6:45 PM, William A Rowe Jr wr...@rowe-clan.net wrote:
Looking at the proposals in RFC 7525, I'm thinking this is a good time to
re-sync
httpd to these guidelines, even if it defers these releases by a week.
WDYT?
Bill
On Fri, May 1, 2015 at 6:42 AM, Jim Jagielski
Looking at the proposals in RFC 7525, I'm thinking this is a good time to
re-sync
httpd to these guidelines, even if it defers these releases by a week.
WDYT?
Bill
On Fri, May 1, 2015 at 6:42 AM, Jim Jagielski j...@jagunet.com wrote:
Yeah... I was gonna propose that once I had the weekend
to
I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327)
for backport to 2.2.x (in reverse order):
*) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
larger keys and support up to 8192-bit keys. [Ruediger Pluem,
Joe Orton]
*) mod_ssl: Improve handling of
to 2.2.x? (was:
Looking ahead to 2.4.13 / 2.2.30).
Thanks.
.
On Tue, May 5, 2015 at 9:03 AM, Yann Ylavic ylavic@gmail.com wrote:
But is there real 2.2.x user with OpenSSL 0.9.8a?
I'm no expert (we use a proprietary toolkit and SSL module where I
spend most of my time), but that seems like quite an extreme thing to
preserve in 2.2.x. Maybe worth a
On Thu, Apr 30, 2015 at 11:52 PM, William A Rowe Jr wr...@rowe-clan.net wrote:
Concerns / observations / thoughts?
I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327)
for backport to 2.2.x (in reverse order):
*) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
On May 5, 2015 4:31 PM, olli hauer oha...@gmx.de wrote:
Perhaps it is also a good time do kick SSLv2 support from 2.2.x ;)
We are deliberately not that disruptive to users. Our goal is to push more
secure code at users, but not at the risk of their electing to not update,
due to such blunt
Please note that the primes constants in modules/ssl/ssl_engine_dh.c
are from openssl/crypto/bn/bn_const.c.
FWIW, attached is a (stripped) diff between the two files that shows
constants are the same...
On Tue, May 5, 2015 at 7:12 PM, Yann Ylavic ylavic@gmail.com wrote:
Possible backport
Possible backport patch attached.
On Tue, May 5, 2015 at 3:14 PM, Yann Ylavic ylavic@gmail.com wrote:
I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327)
for backport to 2.2.x (in reverse order):
*) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
On Tue, May 5, 2015 at 8:08 AM, Eric Covener cove...@gmail.com wrote:
On Tue, May 5, 2015 at 9:03 AM, Yann Ylavic ylavic@gmail.com wrote:
But is there real 2.2.x user with OpenSSL 0.9.8a?
I'm no expert (we use a proprietary toolkit and SSL module where I
spend most of my time), but
On Tue, May 5, 2015 at 3:06 PM, Hanno Böck ha...@hboeck.de wrote:
I haven't used apache 2.2, but isn't OCSP stapling support still
missing there?
I think if you're already working on backporting important TLS features
that should certainly go with them.
My own line for 2.2 would be drawn
I haven't used apache 2.2, but isn't OCSP stapling support still
missing there?
I think if you're already working on backporting important TLS features
that should certainly go with them.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
pgpNXAgtjh1Er.pgp
On 2015-05-05 15:03, Yann Ylavic wrote:
On Thu, Apr 30, 2015 at 11:52 PM, William A Rowe Jr wr...@rowe-clan.net
wrote:
Concerns / observations / thoughts?
I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327)
for backport to 2.2.x (in reverse order):
*) mod_ssl: Fix
While you are in mod_dav, could you review these patches and see if it makes
sense to add them?
httpd-2.2.x : http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.22
httpd-2.4.x : http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.24
We have been running these for a while
On 5/4/15 7:40 AM, Brian J. France wrote:
While you are in mod_dav, could you review these patches and see if it makes
sense to add them?
httpd-2.2.x :
http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.22
httpd-2.4.x :
Thx!
On May 1, 2015, at 3:29 PM, Ben Reser b...@reser.org wrote:
On 4/30/15 2:52 PM, William A Rowe Jr wrote:
It seems that we have 2 groups of good things to come out of ApacheCon,
some immediate fixes for things like BSD project efforts, some pretty
straightforward defects that have been
On 5/3/15 8:05 AM, Jim Jagielski wrote:
Thx!
On May 1, 2015, at 3:29 PM, Ben Reser b...@reser.org wrote:
On 4/30/15 2:52 PM, William A Rowe Jr wrote:
It seems that we have 2 groups of good things to come out of ApacheCon,
some immediate fixes for things like BSD project efforts, some
On 4/30/15 2:52 PM, William A Rowe Jr wrote:
It seems that we have 2 groups of good things to come out of ApacheCon,
some immediate fixes for things like BSD project efforts, some pretty
straightforward defects that have been resolved... and then there's a bunch
of energy about enhancements
Yeah... I was gonna propose that once I had the weekend
to take a more in-depth look at 2.4... But I am +1 for
a release v. soon.
Yeah, I'll RM 2.4
On Apr 30, 2015, at 5:52 PM, William A Rowe Jr wr...@rowe-clan.net wrote:
On Thu, Apr 2, 2015 at 4:46 PM, William A. Rowe Jr. wr...@rowe-clan.net
On Thu, Apr 2, 2015 at 4:46 PM, William A. Rowe Jr. wr...@rowe-clan.net
wrote:
On Tue, 31 Mar 2015 10:49:47 -0400
Jim Jagielski j...@jagunet.com wrote:
BTW: Would it make sense to consider a release of 2.4.13 in April
to coincide w/ ApacheCon?
We've historically produced a release at the
24 matches
Mail list logo