On 11/07/2009 02:21 AM, Lars Eilebrecht wrote:
Ruediger Pluem wrote on 2009-11-07 00:29:41:
-BrowserMatch .*MSIE.* \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
+BrowserMatch MSIE [1-5] nokeepalive ssl-unclean-shutdown \
+
On Saturday 07 November 2009, Lars Eilebrecht wrote:
Ruediger Pluem wrote on 2009-11-07 00:29:41:
-BrowserMatch .*MSIE.* \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
+BrowserMatch MSIE [1-5] nokeepalive ssl-unclean-shutdown \
+
Kaspar Brand wrote:
Does that sound reasonable? If so, I would prepare a new patch with
SSL_CTX_set_tlsext_ticket_keys and the new config directive.
No reactions = no objections?
Would it perhaps be possible to piggyback onto Joe's reneg patch and get
this also into 2.2.15...? ;-)
Attached
Kaspar Brand wrote:
+#if !defined(OPENSSL_NO_TLSEXT) OPENSSL_VERSION_NUMBER 0x009080d0
+#define TICK_KEYS_LEN sizeof(((SSL_CTX *)0)-tlsext_tick_key_name) \
+ + sizeof(((SSL_CTX *)0)-tlsext_tick_hmac_key) \
+ + sizeof(((SSL_CTX
Dr Stephen Henson wrote:
A few comments about that:
Thanks for the review!
These are cryptographic keys (or at least the HMAC and AES keys are) so you
should use RAND_bytes(), not RAND_pseudo_bytes().
Ok - when looking at ssl_lib.c:SSL_CTX_new(), I didn't realize that
RAND_pseudo_bytes() is
Kaspar Brand wrote:
Dr Stephen Henson wrote:
A few comments about that:
Thanks for the review!
These are cryptographic keys (or at least the HMAC and AES keys are) so you
should use RAND_bytes(), not RAND_pseudo_bytes().
Ok - when looking at ssl_lib.c:SSL_CTX_new(), I didn't realize
On 7 Nov 2009, at 06:25, Brian Rectanus wrote:
Yes, mod_security requires it. Many who use mod_security may not even
realize it. It would be a shame to have vendors drop it by default,
which would make mod_security a bit more difficult to install on
vendor built httpd installs.
Isn't that
On 11/07/2009 08:19 PM, s...@apache.org wrote:
Author: sf
Date: Sat Nov 7 19:19:10 2009
New Revision: 833738
URL: http://svn.apache.org/viewvc?rev=833738view=rev
Log:
mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings.
PR: 28037
Submitted by: