Can we wait with the naming discussion until after I have opened my Friday evening wine bottle?

> On 25.10.2019 at 10:16, Yann Ylavic <[email protected]> wrote:
>
> On Fri, Oct 25, 2019 at 9:56 AM Stefan Eissing
> <[email protected]> wrote:
>>
>> While I like this change and think, ideally, it would have behaved like this
>> all the time, I think we need to make this "opt-in" for 2.4.
>
> So now the "how" and name bikeshedding :)
>
> SSLHonorVhostProtocol on/off (default: off) at the server config scope (only)?
>>
>> If I understand this correctly: if someone has some old
>> SSLProtocol/Cipher/etc. setting sitting in a vhost, *ineffective now since
>> it is not the first vhost*, this change would activate it. So it could
>> expose a site to a TLS setting that is not appropriate for it. One could
>> argue that the first mistake was for the admin to leave that setting there,
>> but...
>>
>> - Stefan
>>
>>> On 25.10.2019 at 09:46, Yann Ylavic <[email protected]> wrote:
>>>
>>> On Sun, Oct 20, 2019 at 12:50 PM <[email protected]> wrote:
>>>>
>>>> Author: ylavic
>>>> Date: Sun Oct 20 10:50:33 2019
>>>> New Revision: 1868645
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1868645&view=rev
>>>> Log:
>>>> mod_ssl: negotiate the TLS protocol version per name based vhost
>>>> configuration.
>>>
>>> I'm planning to propose this for backport to 2.4.x, but wonder if it
>>> should be opt in/out.
>>>
>>> I can see potential behaviour change for existing configurations if,
>>> for instance, one has specified some SSLProtocol at the base server
>>> level but none (relying on the current behaviour) or something
>>> different (somehow working unwittingly of his/her own free will) at
>>> the other name-based vhost(s) level.
>>>
>>> Thoughts?
>>>
>>> Regards,
>>> Yann.
>>
