On Wed, Jan 17, 2018 at 4:18 AM, Stefan Eissing
wrote:
>
>> Am 17.01.2018 um 10:45 schrieb Yann Ylavic :
>>
>> On Wed, Jan 17, 2018 at 10:30 AM, Stefan Eissing
>> wrote:
>>>
Am 16.01.2018 um 21:26 schrieb
> Am 17.01.2018 um 10:45 schrieb Yann Ylavic :
>
> On Wed, Jan 17, 2018 at 10:30 AM, Stefan Eissing
> wrote:
>>
>>> Am 16.01.2018 um 21:26 schrieb William A Rowe Jr :
>>>
>>> Color me very confused, but I can't
On Wed, Jan 17, 2018 at 10:30 AM, Stefan Eissing
wrote:
>
>> Am 16.01.2018 um 21:26 schrieb William A Rowe Jr :
>>
>> Color me very confused, but I can't distinguish a difference between vhost
>> based
>> Host: header selection in the "http-01"
> Am 16.01.2018 um 21:26 schrieb William A Rowe Jr :
>
> Color me very confused, but I can't distinguish a difference between vhost
> based
> Host: header selection in the "http-01" case, and SNI identification
> in the case of
> "tls-sni-01". Am I missing something?
Color me very confused, but I can't distinguish a difference between vhost based
Host: header selection in the "http-01" case, and SNI identification
in the case of
"tls-sni-01". Am I missing something? Discussion pointers?
For protocol reasons, "dns-01" seems outside the scope of any mod_md
Vetos must be justified... for solid, technical reasons.
One cannot just cast a -1 vote because one doesn't like
something. Way too often I see being blocking stuff
instead of working to *unblock* stuff.
> On Jan 12, 2018, at 6:32 AM, Steffen wrote:
>
> Now mod_md
I try a high level, short summary of the current ACME "TLS-SNI" issue:
1. There are 3 basic ways to verify domain ownership:
a) "http-01" on port 80
requests /.well-known/acme-challenge/
response: signed token as base64url
b) "tls-sni-01" on port 443
client hello with SNI for
On 01/12/2018 01:50 PM, Eric Covener wrote:
> On Fri, Jan 12, 2018 at 7:38 AM, Steffen wrote:
>> Yann: it is not working (anymore) when you have only port 443 open.
>> Yann: I am/was testing in real live, no boulder.
>> Eric: proposed change: to begin with warns/errors
> Generally, we don't use -1 for something like that. Although not all
> -1's are actually "vetoes" -- it is still reserved for something
> actively detrimental.
Whoops, they are actuallt vetoes for code or backports.
On Fri, Jan 12, 2018 at 7:38 AM, Steffen wrote:
> Yann: it is not working (anymore) when you have only port 443 open.
> Yann: I am/was testing in real live, no boulder.
> Eric: proposed change: to begin with warns/errors user
>
> I am talking about SSL configurations
On Fri, Jan 12, 2018 at 12:32 PM, Steffen wrote:
>
> Propose to change mod_md regarding above, now I vote -1.
Could you please elaborate on what isn't working for Windows/you?
Is it a general failure for Windows users or something that can be
addressed as follow up?
I
On Fri, Jan 12, 2018 at 6:14 AM, Stefan Eissing
wrote:
> Team,
>
> the frequency that people keep on asking me when ACME
> support in Apache will be released is going up. For
> this to happen, two backports need 1(!) more vote:
>
> 1. core/mod_ssl: Add new flag int
On Fri, Jan 12, 2018 at 6:32 AM, Steffen wrote:
> Now mod_md contains features which are not supported anymore !
>
> For SSL only config mod_md is not usable anymore, see
>
> Am 12.01.2018 um 13:07 schrieb Yann Ylavic :
>
> On Fri, Jan 12, 2018 at 12:14 PM, Stefan Eissing
> wrote:
>>
>> Is anyone planning to review this in the next days?
>
> I plan to do so, is there a strong need to own a domain for tesing or
On Fri, Jan 12, 2018 at 12:14 PM, Stefan Eissing
wrote:
>
> Is anyone planning to review this in the next days?
I plan to do so, is there a strong need to own a domain for tesing or
can I use a "standalone" thingy (if that's ever relevant)?
On Fri, Jan 12, 2018 at 12:32 PM, Steffen wrote:
> Now mod_md contains features which are not supported anymore !
>
> For SSL only config mod_md is not usable anymore, see
>
> Am 12.01.2018 um 12:32 schrieb Steffen :
>
> Now mod_md contains features which are not supported anymore !
>
> For SSL only config mod_md is not usable anymore, see
>
Now mod_md contains features which are not supported anymore !
For SSL only config mod_md is not usable anymore, see
https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188
Propose to change mod_md regarding above, now I vote -1.
19 matches
Mail list logo