Re: Older clients stopped working after server disabled SSLv3

2014-11-01 Thread Kaspar Brand
On 29.10.2014 16:42, Yann Ylavic wrote: On Wed, Oct 29, 2014 at 2:52 PM, Mikhail T. mi+t...@aldan.algebra.com wrote: That would solve our problem, though some may wonder about the subtle differences between any and all :-) More seriously, it would also make the config-files incompatible with

Re: [RFC] Enable OCSP Stapling by default in httpd trunk

2014-11-01 Thread Kaspar Brand
On 30.10.2014 15:51, Jeff Trawick wrote: IMO the present concerns with OCSP Stapling are: * not so clear that it has seen enough real-world testing; commented out sample configs and better documentation will help, as will enabling by default in trunk (just a little?) * related bugs 57121

Re: svn commit: r1633730 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

2014-11-01 Thread Kaspar Brand
On 27.10.2014 12:55, Jeff Trawick wrote: Putting SSLUseStapling at global scope makes it easier for the admin, who may have had trouble getting SSL working in the first place. I don't see yet how it makes it easier - my point is more that an admin should consciously enable OCSP stapling when he

Re: Server(_rec) unique identifier

2014-11-01 Thread Kaspar Brand
On 29.10.2014 11:41, Yann Ylavic wrote: I chose to use (MD5 digest) all the IP:port from the s-addrs list (ie. VirtualHost IP|*|_default_:port ...), plus s-server_hostname and s-port (ie. ServerName, be it configured or not, knowing that in the latter case, apr_gethostname() is used for the

Re: [Patch] mod_ssl SSL_CLIENT_CERT_SUBJECTS - access to full client certificate chain

2014-11-01 Thread Kaspar Brand
On 29.10.2014 16:40, Graham Leggett wrote: The attached patch makes the variable SSL_CLIENT_CERT_SUBJECTS available, which contains a list of subject DNs in each certificate in the chain. It is designed to be able to match against a full certificate chain where the subject and issuer of the

Re: Older clients stopped working after server disabled SSLv3

2014-11-01 Thread Yann Ylavic
On Sat, Nov 1, 2014 at 8:15 AM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 29.10.2014 16:42, Yann Ylavic wrote: On Wed, Oct 29, 2014 at 2:52 PM, Mikhail T. mi+t...@aldan.algebra.com wrote: That would solve our problem, though some may wonder about the subtle differences between any and

Re: Older clients stopped working after server disabled SSLv3

2014-11-01 Thread Kaspar Brand
On 01.11.2014 11:23, Yann Ylavic wrote: How about SSLv2Hello keyword (à la JDK), should we agree on a real issue caused by ALL -SSLv3 (see below)? This keyword wouldn't fit into the current set of options, so I'm not in favor of it (the SSL2 compatible hello is like a flag which is orthogonal

Re: [Patch] mod_ssl SSL_CLIENT_CERT_SUBJECTS - access to full client certificate chain

2014-11-01 Thread Graham Leggett
On 01 Nov 2014, at 11:47 AM, Kaspar Brand httpd-dev.2...@velox.ch wrote: Feels like a fairly idiosyncratic solution to me (essentially sticking multiple things together into a single environment variable, with the [known] problems of how to separate them again / do proper matching in the

Re: Older clients stopped working after server disabled SSLv3

2014-11-01 Thread Yann Ylavic
On Sat, Nov 1, 2014 at 1:04 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 01.11.2014 11:23, Yann Ylavic wrote: The real question IMO is: Is SSLv2Hello replied with TLSv1.x server hello really safe against MITM/poodle/other attacks? Well, no one can answer this question with yes as long

APR_INT32_MAX used by mod_deflate-2.2.29

2014-11-01 Thread Yann Ylavic
mod_deflate in httpd-2.2.29 is using APR_INT32_MAX which is only available since APR-1.3. However httpd-2.x seems to require APR-1.2 only (http://httpd.apache.org/docs/2.2/install.html#requirements). Should we apply something like: Index: modules/filters/mod_deflate.c