Re: [UPDATED] Re: [PATCH] new default SSLCipherSuite and SSL BrowserMatch configuration

2009-11-07 Thread Ruediger Pluem
On 11/07/2009 02:21 AM, Lars Eilebrecht wrote: Ruediger Pluem wrote on 2009-11-07 00:29:41: -BrowserMatch .*MSIE.* \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 +BrowserMatch MSIE [1-5] nokeepalive ssl-unclean-shutdown \ +
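
Review bot: The new pattern on the `+BrowserMatch MSIE [1-5]` line is not anchored after the digit, so it matches any User-Agent in which "MSIE " is followed by a 1 through 5, including two-digit versions such as "MSIE 10". Requiring the version separator, for example `MSIE [1-5]\.`, would keep nokeepalive and ssl-unclean-shutdown limited to the single-digit versions this change is aimed at.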

Re: [UPDATED] Re: [PATCH] new default SSLCipherSuite and SSL BrowserMatch configuration

2009-11-07 Thread Stefan Fritsch
On Saturday 07 November 2009, Lars Eilebrecht wrote: Ruediger Pluem wrote on 2009-11-07 00:29:41: -BrowserMatch .*MSIE.* \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 +BrowserMatch MSIE [1-5] nokeepalive ssl-unclean-shutdown \ +

Re: [PATCH] mod_ssl: improving session caching for SNI configurations

2009-11-07 Thread Kaspar Brand
Kaspar Brand wrote: Does that sound reasonable? If so, I would prepare a new patch with SSL_CTX_set_tlsext_ticket_keys and the new config directive. No reactions = no objections? Would it perhaps be possible to piggyback onto Joe's reneg patch and get this also into 2.2.15...? ;-) Attached

Re: [PATCH] mod_ssl: improving session caching for SNI configurations

2009-11-07 Thread Dr Stephen Henson
Kaspar Brand wrote: +#if !defined(OPENSSL_NO_TLSEXT) OPENSSL_VERSION_NUMBER 0x009080d0 +#define TICK_KEYS_LEN sizeof(((SSL_CTX *)0)-tlsext_tick_key_name) \ + + sizeof(((SSL_CTX *)0)-tlsext_tick_hmac_key) \ + + sizeof(((SSL_CTX
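
Review bot: TICK_KEYS_LEN is built from sizeof on members of SSL_CTX (tlsext_tick_key_name, tlsext_tick_hmac_key and the one that follows), which ties mod_ssl to the library's internal struct layout and would stop compiling if SSL_CTX were made opaque. A named constant for the key-material length, checked at runtime against what SSL_CTX_set_tlsext_ticket_keys accepts, would avoid that dependency and should be documented next to the new directive.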

Re: [PATCH] mod_ssl: improving session caching for SNI configurations

2009-11-07 Thread Kaspar Brand
Dr Stephen Henson wrote: A few comments about that: Thanks for the review! These are cryptographic keys (or at least the HMAC and AES keys are) so you should use RAND_bytes(), not RAND_pseudo_bytes(). Ok - when looking at ssl_lib.c:SSL_CTX_new(), I didn't realize that RAND_pseudo_bytes() is

Re: [PATCH] mod_ssl: improving session caching for SNI configurations

2009-11-07 Thread Dr Stephen Henson
Kaspar Brand wrote: Dr Stephen Henson wrote: A few comments about that: Thanks for the review! These are cryptographic keys (or at least the HMAC and AES keys are) so you should use RAND_bytes(), not RAND_pseudo_bytes(). Ok - when looking at ssl_lib.c:SSL_CTX_new(), I didn't realize

Re: Pull mod_unique_id out of default build?

2009-11-07 Thread Nick Kew
On 7 Nov 2009, at 06:25, Brian Rectanus wrote: Yes, mod_security requires it. Many who use mod_security may not even realize it. It would be a shame to have vendors drop it by default, which would make mod_security a bit more difficult to install on vendor built httpd installs. Isn't that

Re: svn commit: r833738 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c

2009-11-07 Thread Ruediger Pluem
On 11/07/2009 08:19 PM, s...@apache.org wrote: Author: sf Date: Sat Nov 7 19:19:10 2009 New Revision: 833738 URL: http://svn.apache.org/viewvc?rev=833738&view=rev Log: mod_log_config: Make ${cookie}C correctly match whole cookie names instead of substrings. PR: 28037 Submitted by: