https://bz.apache.org/bugzilla/show_bug.cgi?id=55707
--- Comment #9 from Mike Haller <m...@webscale.com> --- Thanks for looking Stefan. > Is there, in this setup, a way to successfully connect to the vhost? The point of the patch is to prevent a successful connection to the vhost at the TLS protocol layer. If that's not what you want and you instead wish to produce a friendly error message for some versions, you can already configure mod_ssl to accept all versions, and to publish the SSL_PROTOCOL env var, and then use any number of ways (e.g. rewrite, setenvif) to produce an error page if there is a version you do not wish to accept. > ... the *server admin* gets an ERR/WARNING by a post config check in > mod_ssl. >From a user's perspective, they see behavior no different than if they attempt to connect with a TLS version that is not specified in the default server's SSLProtocol: a protocol version alert. Is the startup warning suggestion because this patch changes the existing behavior that current configurations will accept versions that are not allowed by a vhost's SSLProtocol? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
