https://issues.apache.org/bugzilla/show_bug.cgi?id=57375
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|2.4.10 |2.5-HEAD Summary|[PATCH] Unbreak 2.4 build |Support LibreSSL as an |with LibreSSL |alternative toolkit for | |mod_ssl Severity|normal |enhancement --- Comment #1 from Kaspar Brand <[email protected]> --- Rewording the summary to more accurately capture the topic of this bug. I'm not really supportive of this idea, to be frank. mod_ssl is effectively mod_openssl these days. It used to have (and in 2.2.x still does) an ssl_toolkit_compat layer which allowed support for multiple toolkits, in theory, but as discussed in these two threads, the consensus in 2010/2011 was to deliberately drop support for non-OpenSSL toolkits: https://mail-archives.apache.org/mod_mbox/httpd-dev/201005.mbox/%3C20100525124551.GA11177%40redhat.com%3E https://mail-archives.apache.org/mod_mbox/httpd-dev/201107.mbox/%3C4E35065D.30104%40velox.ch%3E (see r1154683 and and r1154687) While the changes for supporting LibreSSL might seem small right now, it would definitely mean that mod_ssl maintenance becomes [again] more complex, assuming a scenario of LibreSSL deviating more substantially from OpenSSL in the future (consider http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3 e.g.). Maintaining mod_ssl compatibility with all OpenSSL versions still floating around (0.9.7/0.9.8/1.0.0/1.0.1) is already quite burdensome, and I wouldn't want to make things more complicated by adding another toolkit to the mix (otherwise, next on the table would be BoringSSL, I guess). Let's draw a clear line right now, and not silently morph mod_[open]ssl into something like mod_{libre,boring,...}ssl. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
