Re: Pull mod_unique_id out of default build?

2009-11-05 Thread Ruediger Pluem
On 11/06/2009 06:45 AM, Nick Kew wrote: > On 6 Nov 2009, at 05:30, Sander Temme wrote: > >> Maybe my understanding is limited and my fu is weak, but I have >> personally never had a use for mod_unique_id. The only thing it does >> for me is an error message on startup or, when my server finds i

Re: Pull mod_unique_id out of default build?

2009-11-05 Thread Nick Kew
On 6 Nov 2009, at 05:30, Sander Temme wrote: Maybe my understanding is limited and my fu is weak, but I have personally never had a use for mod_unique_id. The only thing it does for me is an error message on startup or, when my server finds itself on a box with a hostname that doesn't reso

Pull mod_unique_id out of default build?

2009-11-05 Thread Sander Temme
Folks, Maybe my understanding is limited and my fu is weak, but I have personally never had a use for mod_unique_id. The only thing it does for me is an error message on startup or, when my server finds itself on a box with a hostname that doesn't resolve to an IP address, failure. Coul

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Joe Orton
On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote: > On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote: > > * we can detect in mod_ssl when the client is renegotiating by using the > > callback installed using SSL_CTX_set_info_callback(), in conjunction > > with suitable flags in

Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)

2009-11-05 Thread Dr Stephen Henson
Dirk-Willem van Gulik wrote: > Dirk-Willem van Gulik wrote: > >> Actually Steve - you may know - what besides the obvious >> >> extendedKeyUsage=nsSGC,msSGC >> >> in the extension file needs to go into a sub-ca below a >> self-signed-root-chain to make the browsers dance ? Or have they >> hardcode

Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)

2009-11-05 Thread Dirk-Willem van Gulik
Dirk-Willem van Gulik wrote: Actually Steve - you may know - what besides the obvious extendedKeyUsage=nsSGC,msSGC in the extension file needs to go into a sub-ca below a self-signed-root-chain to make the browsers dance ? Or have they hardcoded in some specific CA or similar ? Or is there a t

Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)

2009-11-05 Thread Dirk-Willem van Gulik
Dr Stephen Henson wrote: There are two separate types used by Mozilla (Step up?) and Microsoft SSL/TLS (SGC?) implementations IIRC. One completes the handshake then starts a new session the second cuts it half way through. Been many years since I looked at those though. I recall having to alter

Re: Httpd 3.0 or something else

2009-11-05 Thread Greg Stein
On a phone, so pls excuse my brevity... I think a lot of your discussion can be easily passed off to Apache Thrift. Let it handle all the message passing to external processes, and its provided multi-language support. On Nov 5, 2009 4:31 PM, "Graham Dumpleton" wrote: 2009/11/5 Graham Leggett :

Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)

2009-11-05 Thread Dirk-Willem van Gulik
Andrews, Rick wrote: https://www.chase.com https://www.wellsfargo.com But I suppose you'll need to locate an old international browser that does step up, right? Most modern browsers will start with strong crypto and don't need to step up. What we really need is 1) a pub/priv key pair of

Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)

2009-11-05 Thread Dr Stephen Henson
Dirk-Willem van Gulik wrote: > we probably > only have the step up 'Server Gated Certs'* left to check. > > Does anyone have such a beast for testing ? > There are two separate types used by Mozilla (Step up?) and Microsoft SSL/TLS (SGC?) implementations IIRC. One completes the handshake then sta

Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)

2009-11-05 Thread Dirk-Willem van Gulik
So with Joe's patch doing the right thing it seems (would be nice if we could get Ben or the OpenSSL guys to confirm that) - that we probably only have the step up 'Server Gated Certs'* left to check. Does anyone have such a beast for testing ? or Rick - could you help us here ? Thanks, Dw.

Re: Httpd 3.0 or something else

2009-11-05 Thread Akins, Brian
On 11/5/09 4:30 PM, "Graham Dumpleton" wrote: > Thoughts? Still digesting, but generally +1 to the entire post. -- Brian Akins

Re: Httpd 3.0 or something else

2009-11-05 Thread Graham Dumpleton
2009/11/5 Graham Leggett : > Jim Jagielski wrote: > >> Let's get 2.4 out. And then let's rip it to shreds and drop >> buckets/brigades and fold in serf. > > I think we should decide on exactly what problem we're trying to solve, > before we start thinking about how it is to be solved. > > I'm keen

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Rainer Jung
On 06.11.2009 01:12, Joe Orton wrote: > On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote: > FYI - Dirk points out that you can test this using openssl s_client by > entering a line with the single character 'R' which s_client treats as a > command to initiate a renegotiation. Joe > >

Re: Httpd 3.0 or something else

2009-11-05 Thread Mladen Turk
On 05/11/09 12:38, Graham Leggett wrote: Jim Jagielski wrote: Let's get 2.4 out. And then let's rip it to shreds and drop buckets/brigades and fold in serf. I think we should decide on exactly what problem we're trying to solve, before we start thinking about how it is to be solved. +1 I'

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Joe Orton
On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote: > * we can detect in mod_ssl when the client is renegotiating by using the > callback installed using SSL_CTX_set_info_callback(), in conjunction > with suitable flags in the SSLConnRec to detect the cases where this is > either a server

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Ruediger Pluem
On 11/05/2009 11:03 PM, Dirk-Willem van Gulik wrote: > Joe Orton wrote: > >> * we can detect in mod_ssl when the client is renegotiating by using the >> callback installed using SSL_CTX_set_info_callback(), in conjunction >> with suitable flags in the SSLConnRec to detect the cases where this is

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Dirk-Willem van Gulik
Joe Orton wrote: * we can detect in mod_ssl when the client is renegotiating by using the callback installed using SSL_CTX_set_info_callback(), in conjunction with suitable flags in the SSLConnRec to detect the cases where this is either a server-initiated renegotiation or the initial handshake

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Joe Orton
On Thu, Nov 05, 2009 at 09:38:23PM +0100, Ruediger Pluem wrote: > If server triggered renegotiation will not work at all, people will just > ignore the > update or remove it from 0.9.8l in their self patched versions. > So overall I guess we would be safer with an approach that > > 1. Turns off r

Re: Httpd 3.0 or something else

2009-11-05 Thread Jie Gao
How about support of openmp? Regards, Jie

Re: TLS renegotiation attack, mod_ssl and OpenSSL

2009-11-05 Thread Ruediger Pluem
On 11/05/2009 06:32 PM, Joe Orton wrote: > On Thu, Nov 05, 2009 at 03:39:06PM +, Ben Laurie wrote: >> Joe Orton wrote: >>> In the short term, I think it would be useful to have a new SSL_OP_* >>> flag which enables rejection of a client-initiated handshake in an SSL >>> server. This will f

Re: Httpd 3.0 or something else

2009-11-05 Thread Bojan Smojver
On Thu, 2009-11-05 at 13:38 +0200, Graham Leggett wrote: > I'm keen to teach httpd v3.0 to work asynchronously throughout - still > maintaining the prefork behaviour as a sensible default[1], but being > asynchronous and non blocking throughout. > > [1] The fact that dodgy module code can leak, cr