https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> --- tcnative is independent from Apache httpd, though it does depend upon the Apache Portable Runtime library which is "part" of Apache httpd. In this case, we're only relying on support from OpenSSL, so the version of Apache httpd is not relevant. Tomcat 7.x releases have historically come about once per month. There is no guarantee this will continue, but it's a reasonable bet. tcnative 1.1.24 was released 2012-06-13. I've just added a number of SSL_OP_* from OpenSSL 1.0 that were missing to tcnative's option-support capabilities, and the option-support caps-detection has been added since 1.1.24 so I'm going to propose 1.1.25 sometime soon. Once you have both of these (tcnative + Tomcat) supporting SSL_OP_NO_COMPRESSION then you should be able to pass your audit. Note that no current versions of mainstream browsers enable SSL compression by default, so this issue is, for the most part, a non-issue. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
