https://bz.apache.org/bugzilla/show_bug.cgi?id=63368
Joe Orton <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #1 from Joe Orton <[email protected]> --- If browser vendors are choosing not to make this work by default for HTTP/1.1 as it did for TLS/1.2 that is out of our hands, but I don't think it implies we need to deprecate the functionality in mod_ssl. I agree it is a functional regression which will likely impede adoption of TLS/1.3, and I'm not aware of any workaround other than using a separate vhost for client-cert-auth-protected resources. There is an effort to replace PHA at application layer in HTTP/2 which makes sense technically in the long. But that will require time and effort to implement assume it makes it through standardization and won't benefit HTTP/1.1 users. I assume it will require support from OpenSSL as well - https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-03 *** This bug has been marked as a duplicate of bug 62975 *** -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
