Brian Reichert wrote: > Hello, folks; hopefully this is the correct form for this question. > > I'm running an Apache server under SLES21 SP3, and I'm trying to > get mod_nss to utilize the 'extended_master_secret' extension > described by RFC 7627. > > Misc versions of packages on this platform: > > foo:~ # rpm -qa | grep nss > libopenssl1_0_0-1.0.2j-60.55.1.x86_64 > mozilla-nss-certs-3.45-58.31.1.x86_64 > mozilla-nss-3.45-58.31.1.x86_64 > mozilla-nss-tools-3.45-58.31.1.x86_64 > libopenssl1_0_0-32bit-1.0.2j-60.55.1.x86_64 > apache2-mod_nss-1.0.14-19.6.3.x86_64 > insserv-compat-0.1-13.1.noarch > openssh-7.2p2-74.54.1.x86_64 > openssh-helpers-7.2p2-74.54.1.x86_64 > openssl-1.0.2j-60.55.1.x86_64 > openssh-askpass-1.2.4.1-7.5.x86_64 > > I've confirmed the underlying mozilla-nss version does support this > extension. > > But, I can't seem to get a mod_nss config file to do so. > > My understanding is the underlying NSS SSL_OptionSet macro is > SSL_ENABLE_EXTENDED_MASTER_SECRET, but I can't find a config file > directive to engage this. > > Does apache2-mod_nss-1.0.14 allow for some means of supporting this > extension? >
There is no config setting for this option. The only way to enable it if the underlying nss does not enable it by default would be to modify and rebuild the package. rob _______________________________________________ Mod_nss-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/mod_nss-list
