Am 16.10.2015 um 19:27 schrieb Eric Covener:
What's with the backwards start and end there? Does the
successor/predecessor override FIRST/MIDDLE/LAST?
backwards?
successor/predecessor are:
static const char * const autoindex_module[] = { "mod_autoindex.c", NULL };
On Fri, Oct 16, 2015 at 1:27 PM, Eric Covener wrote:
> What's with the backwards start and end there? Does the
> successor/predecessor override FIRST/MIDDLE/LAST?
>
>
> -- Forwarded message --
> From:
> Date: Fri, Oct 16, 2015 at 1:24 PM
On 10/15/2015 01:53 PM, Paul Spangler wrote:
Bump in case anyone is interested now that the list has died down a bit.
I'm a little biased :) but I am still interested.
From a practical angle, Paul's patch makes session-based applications
usable with databases that have more expensive writes
What's with the backwards start and end there? Does the
successor/predecessor override FIRST/MIDDLE/LAST?
-- Forwarded message --
From:
Date: Fri, Oct 16, 2015 at 1:24 PM
Subject: [Bug 58498] Apache 2.4.17: Regression with mod_autoindex (in
combination
Hello Paul,
sorry for the delay...
On Thu, Oct 15, 2015 at 10:53 PM, Paul Spangler wrote:
> On 8/20/2015 4:58 PM, Paul Spangler wrote:
>>
>> The bug report contains a more detailed explanation of the patch, but
>> there are some points I thought might lead to some
Am 16.10.2015 um 08:25 schrieb Jacob Champion:
On 10/15/2015 11:18 PM, Jacob Champion wrote:
it looks like ap_init_scoreboard() doesn't try to maintain any
particular alignment when it's assigning pointers from more_storage.
Though one would think your compiler would be padding out the struct
On 10/15/2015 08:53 PM, Eric Covener wrote:
We recently merged 2.4.17 and saw some bus errors on hp/ia64 and
solaris/sparc64. Selectively backing things out, it appears that the
SO_REUSEPORT patch causes the worker_score to no longer (necessarily)
be double-word aligned.
I don't have any
On Fri, Oct 16, 2015 at 5:53 AM, Eric Covener wrote:
> We recently merged 2.4.17 and saw some bus errors on hp/ia64 and
> solaris/sparc64. Selectively backing things out, it appears that the
> SO_REUSEPORT patch causes the worker_score to no longer (necessarily)
> be
On 10/15/2015 11:18 PM, Jacob Champion wrote:
it looks like ap_init_scoreboard() doesn't try to maintain any
particular alignment when it's assigning pointers from more_storage.
Though one would think your compiler would be padding out the struct to
a double-word multiple anyway. Hrm.
Hi Stefan, here is the output of both checks. Note I will confirm also
curl is compiled with http2 support and will also show curl -V output.
Curl -V
"curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d
zlib/1.2.8 libidn/1.31 nghttp2/1.3.4
Protocols: dict file ftp ftps gopher
On Wed, Oct 14, 2015 at 2:10 PM, wrote:
> Author: icing
> Date: Wed Oct 14 12:10:11 2015
> New Revision: 1708593
>
> URL: http://svn.apache.org/viewvc?rev=1708593=rev
> Log:
> mod_http2: new directive H2Compliance on/off, checking TLS protocol and
> cipher against RFC7540
>
[]
I am not blacklisting ciphers for the whole server. I try to define
the security settings required for HTTP/2 as defined in the standard -
as a configurable directive.
There is no problem with denying HTTP/2 support for an IE8.
//Stefan
> Am 16.10.2015 um 12:53 schrieb Chris
Chris,
I wrote some advice at https://icing.github.io/mod_h2/howto.html already.
There are several checks described. Which one fails for you and how? I need
the output of the step that differs from the advice. Just a verbal description
is not enough. Thx.
//Stefan
> Am 16.10.2015 um 11:00
Lets move this to the users list where others can also see it.
> Am 16.10.2015 um 11:22 schrieb Chris :
>
> Hi Stefan, here is the output of both checks. Note I will confirm also
> curl is compiled with http2 support and will also show curl -V output.
>
> Curl -V
> "curl
The blacklist does look too radical to me as well. My server was
configured with some in that list.
Also it can place a server admin in a tough position e.g. what if they
want to support IE8, or maybe android2 which doesn thave tls 1.2
stuff, but also support h2, they would be forced to choose
Hi guys.
Was excited to see the module got added to 2.4.17 but I cannot get it
to work in my testing following information from this url.
https://icing.github.io/mod_h2/howto.html#http
So what is confirmed working?
I compiled apache with the appropriate configure flag.
I can confirm in the
do you want me to repost this there then?
On 16 October 2015 at 10:36, Stefan Eissing
wrote:
> Lets move this to the users list where others can also see it.
>
>> Am 16.10.2015 um 11:22 schrieb Chris :
>>
>> Hi Stefan, here is the output of both
Hi Yann,
I am not a cipher expert enough to know why the list in RFC 7540 was compiled
this way... :(
But indeed, there is a good sized overlap. And that does not make sense. I have
sent a mail to the httpwg mailing list, asking for enlightment.
If the blacklist in RFC 7540 proves to be
I seem to recall similar issues w/ the shm slotmem impl...
> On Oct 16, 2015, at 8:35 AM, Rainer Jung wrote:
>
> Am 16.10.2015 um 13:54 schrieb Yann Ylavic:
>> On Fri, Oct 16, 2015 at 10:02 AM, Yann Ylavic wrote:
>>>
>>> We should do something
Hi Jan,
On Fri, Oct 16, 2015 at 1:58 PM, Jan Kaluža wrote:
> Hi,
>
> httpd 2.4.17 segfaults when used with prefork MPM (and probably also with
> other MPMs) and -X option since r1705492.
>
> The crash happens in the following call in prefork.c (and probably also
> worker.c
On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote:
>
> Actually I tried some brute bash script (attached) to show what
> remains compared to "openssl ciphers ALL", and the result is:
>
> * libressl/install/2.2.1/bin/openssl:
> - ECDHE-ECDSA-CHACHA20-POLY1305
> -
On 16 Oct 2015, at 12:56 PM, Stefan Eissing
wrote:
> I am not blacklisting ciphers for the whole server. I try to define
> the security settings required for HTTP/2 as defined in the standard -
> as a configurable directive.
>
> There is no problem with denying
Yes, I proposed something along those lines at the http workshop this summer.
Needs some more pushing, it seems.
There is one thing that I understood to be implied by all this: that h2 is not
negotiated when the security is too weak. Which, the more I think and
implemented about it, does not
Hi,
httpd 2.4.17 segfaults when used with prefork MPM (and probably also
with other MPMs) and -X option since r1705492.
The crash happens in the following call in prefork.c (and probably also
worker.c and so on):
ap_mpm_pod_check(my_bucket->pod)
pod is NULL and later dereferenced.
On Fri, Oct 16, 2015 at 12:21 PM, Yann Ylavic wrote:
>
> And maybe more importantly, what remains currently?
Actually I tried some brute bash script (attached) to show what
remains compared to "openssl ciphers ALL", and the result is:
* libressl/install/2.2.1/bin/openssl:
On Fri, Oct 16, 2015 at 2:48 PM, Yann Ylavic wrote:
> On Fri, Oct 16, 2015 at 2:35 PM, Rainer Jung wrote:
>>
>> I didn't yet have the time to reproduce and test your patch, but the
>> APR_ALIGN((size),sizeof(void *)) align approach would not work.
On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote:
>
> Actually I tried some brute bash script (attached)
Really attached now...
http2_vs_openssl.sh
Description: Bourne shell script
On Fri, Oct 16, 2015 at 10:02 AM, Yann Ylavic wrote:
>
> We should do something like the following patch:
>
> Index: server/scoreboard.c
> ===
> --- server/scoreboard.c(revision 1708095)
> +++
Am 16.10.2015 um 13:54 schrieb Yann Ylavic:
On Fri, Oct 16, 2015 at 10:02 AM, Yann Ylavic wrote:
We should do something like the following patch:
Index: server/scoreboard.c
===
--- server/scoreboard.c
On Fri, Oct 16, 2015 at 2:35 PM, Rainer Jung wrote:
>
> I didn't yet have the time to reproduce and test your patch, but the
> APR_ALIGN((size),sizeof(void *)) align approach would not work. The problem
> here is that even or especially when building for 32 Bits and then
On Fri, Oct 16, 2015 at 3:08 PM, Rainer Jung wrote:
> Am 16.10.2015 um 14:56 schrieb Yann Ylavic:
>>
>> On Fri, Oct 16, 2015 at 2:48 PM, Yann Ylavic wrote:
>>>
>>> On Fri, Oct 16, 2015 at 2:35 PM, Rainer Jung
>>> wrote:
On Fri, Oct 16, 2015 at 2:33 PM, Yann Ylavic wrote:
> On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote:
>>
>> Actually I tried some brute bash script (attached) to show what
>> remains compared to "openssl ciphers ALL", and the result is:
>>
>> *
On Fri, Oct 16, 2015 at 01:58:17PM +0200, Jan Kaluža wrote:
> httpd 2.4.17 segfaults when used with prefork MPM (and probably also
> with other MPMs) and -X option since r1705492.
>
> The crash happens in the following call in prefork.c (and probably
> also worker.c and so on):
Works fine here
On Fri, Oct 16, 2015 at 3:16 PM, Yann Ylavic wrote:
> On Fri, Oct 16, 2015 at 3:08 PM, Rainer Jung wrote:
>>
>> Wasn't the bus error occuring in
>>
>> ws->last_used = apr_time_now();
>>
>> and the address is
>>
>> (dbx) print &(ws->last_used)
>>
Am 16.10.2015 um 14:56 schrieb Yann Ylavic:
On Fri, Oct 16, 2015 at 2:48 PM, Yann Ylavic wrote:
On Fri, Oct 16, 2015 at 2:35 PM, Rainer Jung wrote:
I didn't yet have the time to reproduce and test your patch, but the
interesting that chrome is happily using h2 on my domain that I
activated for h2 earlier and I have a couple of banned ciphers in
mod_ssl.
On 16 October 2015 at 13:33, Yann Ylavic wrote:
> On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote:
>>
>>
On Fri, Oct 16, 2015 at 9:28 AM, Chris wrote:
> interesting that chrome is happily using h2 on my domain that I
> activated for h2 earlier and I have a couple of banned ciphers in
> mod_ssl.
unbanned ones listed earlier, or no SSLHonorCipherOrder?
>
> Yes but ws itself isn't aligned either:
>(dbx) print ws
>ws = 0x7bb00044
> which is IMHO the issue.
>
> Align ws and everything goes well (at least I think :p ).
>
It better! :)
On Fri, Oct 16, 2015 at 4:02 AM, Yann Ylavic wrote:
> We should do something like the following patch:
Promising so far with my two one-off testcases, putting it through a
longer test now.
Thanks!
sslhonorcipherorder is definitely set.
I will check again to see if is in the unbanned ones.
On 16 October 2015 at 14:37, Eric Covener wrote:
> On Fri, Oct 16, 2015 at 9:28 AM, Chris wrote:
>> interesting that chrome is happily using h2 on my domain that
On Fri, Oct 16, 2015 at 4:16 PM, Eric Covener wrote:
> On Fri, Oct 16, 2015 at 4:02 AM, Yann Ylavic wrote:
>> We should do something like the following patch:
>
> Promising so far with my two one-off testcases, putting it through a
> longer test now.
here is ciphers as listed by ssllabs scanning a site on the server.
(in the order set)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq.
3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq.
3072 bits RSA) FS 128
here is my cipher list used in mod_ssl
SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDH+AES128:ECDHE-RSA-AES256-GCM-SHA384:ECDH+AES256:ECDH+3DES:CHACHA20+POLY1305:DHE-RSA-AES128-SHA:RSA+3DES:!aNULL:!MD5
note tho poly1305 doesnt work so ignore that one.
On 16 October 2015 at 14:37, Eric Covener
Some of them are not banned, so I don't see why Chrome should complain.
Is the selected cipher a banned one?
On Fri, Oct 16, 2015 at 4:29 PM, Chris wrote:
> here is my cipher list used in mod_ssl
>
> SSLCipherSuite
>
Yes, the browser won't see the whole list, only the selected one.
On Fri, Oct 16, 2015 at 4:33 PM, Chris wrote:
> ahh so only one needs to be unbanned for it to work?
>
> the selected cipher isnt banned no.
>
> On 16 October 2015 at 15:32, Yann Ylavic
ahh so only one needs to be unbanned for it to work?
the selected cipher isnt banned no.
On 16 October 2015 at 15:32, Yann Ylavic wrote:
> Some of them are not banned, so I don't see why Chrome should complain.
> Is the selected cipher a banned one?
>
> On Fri, Oct 16,
good to know thanks :)
Thats why I was told off for suggesting supporting ie8 and http2 at
the same time was not possible then :)
On 16 October 2015 at 15:35, Yann Ylavic wrote:
> Yes, the browser won't see the whole list, only the selected one.
>
> On Fri, Oct 16, 2015 at
On Fri, Oct 16, 2015 at 1:34 PM, Rainer Jung wrote:
> Am 16.10.2015 um 19:27 schrieb Eric Covener:
>>
>> What's with the backwards start and end there? Does the
>> successor/predecessor override FIRST/MIDDLE/LAST?
>
>
> backwards?
>
> successor/predecessor are:
>
>
48 matches
Mail list logo