On 22.04.2015 18:45, Stefan Eissing wrote: > I understand your argument. My pov is of someone trying to bring > http/2 to the people. While bringing a new httpd on an existing > system seems easy, installing a new system openssl is more > challenging with its dependencies and the changes in hiding non > public parts of their API.
It doesn't necessarily mean replacing the system OpenSSL version. A separately built version (static libs only, which is OpenSSL's default) is fine for mod_ssl - just specify via "./configure --with-ssl=". I believe Ivan Ristic once had something on it in his blog, it's a fairly straightforward and painless option for an admin, I think. Kaspar
