On Mon, Apr 14, 2014 at 10:07:30PM +0200, Kurt Roeckx wrote: > On Mon, Apr 14, 2014 at 09:57:21PM +0200, Stefan Fritsch wrote: > > Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern: > > > So I'd say that we should go and add ECDHE support to Apache as > > > suggested and also patch OpenSSL for the OS X bug as the > > > fingerprinting landed upstream and we would merely replicate > > > current upstream behavior. > > > > OK, sounds good. > > > > Kurt, if the openssl patch is like [1], it would require that apache2 > > is built against the updated version of openssl, due to the changed > > value of SSL_OP_ALL. Can you please ping me when you have uploaded the > > new package? Also, you should probably mention in the changelog that > > only recompiled applications get to use the workaround. > > I'll let you know when I've done an upload.
I would like to also add support for the padding extention in stable. It's part of the 1.0.1g release. IETF Draft: http://tools.ietf.org/html/draft-agl-tls-padding-03 Patches: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4a55631e4dc76fb8d668218bf461c45a9abc5b94 http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51624dbdaed5325ac763e63dc5eb0b3ef85d6489 Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org