ple enforces that mechanism. There is no way to fall back to
the old unreliable mechanism if you want to have it secure.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
eturnResponderErrors. Unless I'm missing something I
don't see any situation in which stapling OCSP errors is desirable.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
o?
I'll answer that in a private mail, don't want to give contact info on
a public mailing list.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
funding if there's an
effort to improve the situation.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
are a tricky problem, however someone has yet
to show that they are abused in practice. But preventing deployment of a
new compression algorithm doesn't help. You'd have to disable
compression altogether to avoid them.
--
Hanno Böck
https://hboeck.de/
mail/jabber: ha...@h
return NULL;
Attached a patch for apr trunk with this change and a patch for the 1.5
branch with both changes.
Please apply.
[1]
https://blog.fuzzing-project.org/56-htpasswDoS-Local-Denial-of-Service-via-Apache-httpd-password-hashes.html
--
Hanno Böck
https:
I haven't used apache 2.2, but isn't OCSP stapling support still
missing there?
I think if you're already working on backporting important TLS features
that should certainly go with them.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
pgpNXAgtjh1Er.pgp
Description
to be increased. (AH01929 will be logged.)
Could this be made a bit more precise?
What's more than a few certificates? Preferrably there should be some
rough calculation (certs*Xkb) that gives a safe margin for the space.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
:
https://github.com/eousphoros/mod-spdy
It builds and I can load and enable it, but it doesn't work (can't
connect any more to https sites when I enable it).
So what's the reference place of spdy support for apache? Is there any
active development happening right now?
cu,
--
Hanno Böck
http
out of the box.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
signature.asc
Description: PGP signature
then needs
consensus approval, as explained under
http://httpd.apache.org/dev/guidelines.html, so at least two +1 from
other devs are needed as well.
I'm not an apache dev, but you get +1 from me for backporting :-)
Hanno
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG
.
Thanks a lot that there's finally some movement here.
What needs to happen so this can be backported to 2.4? Regarding the
discussion on ietf-tls happening right now, it'd be a good signal if
apache would support larger DH parameters soon.
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha
Hi,
As far as I can see, this got no reply yet from an apache dev. Why the
silence? Could at least someone comment?
On Fri, 28 Jun 2013 09:46:27 +0200
Hanno Böck ha...@hboeck.de wrote:
There's been a patch in bugzilla for a while to allow user-defined DH
parameters, however it hasn't gotten
=49559
I'd like to ask apache devs to raise some attention to this issue. I
think user-defined dh groups would be a good thing, but probably the
default should also be raised to e.g. 2048 bit.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
signature.asc
think this really deserves a fast new release.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail:ha...@hboeck.de
http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed message part.
15 matches
Mail list logo