Re: minor nit in mod_ssl

2018-09-20 Thread William A Rowe Jr
On Thu, Sep 20, 2018 at 4:41 AM Plüm, Rüdiger, Vodafone Group < ruediger.pl...@vodafone.com> wrote: > Can we have set it to info? Debug is very verbose for SSL just to find out > why a HTTP request was replied to with a 403. > Whatever is appropriate on startup/graceful restart is fine, but

RE: minor nit in mod_ssl

2018-09-20 Thread Houser, Rick
be overshadowed by the log write itself. Rick Houser Web Engineer > -Original Message- > From: Stefan Eissing > Sent: Thursday, September 20, 2018 09:57 > To: dev@httpd.apache.org > Subject: Re: minor nit in mod_ssl > > EXTERNAL EMAIL > > > > Am 20.09.2018

Re: minor nit in mod_ssl

2018-09-20 Thread Stefan Eissing
> On 20.09.2018 at 15:31, Houser, Rick wrote: > >> Envision a TCP load balancer routing TLS-crypted traffic across a number >> of internal hosts, with each of the named virtual hosts presenting the >> correct >> certificate, and known to httpd by their ServerAlias on the outer-facing >>

RE: minor nit in mod_ssl

2018-09-20 Thread Houser, Rick
to the specific configuration. Please see my response to William about 20 minutes back for more clarification on that. Rick Houser Web Engineer > -Original Message- > From: Stefan Eissing > Sent: Thursday, September 20, 2018 05:03 > To: dev@httpd.apache.org > Subject

RE: minor nit in mod_ssl

2018-09-20 Thread Houser, Rick
> Envision a TCP load balancer routing TLS-crypted traffic across a number  > of internal hosts, with each of the named virtual hosts presenting the correct > certificate, and known to httpd by their ServerAlias on the outer-facing > interface. > Not terminated at the edge balancer. We are using

Re: minor nit in mod_ssl

2018-09-20 Thread Stefan Eissing
as non SNI clients are often not browsers but non > interactive programs. > > Regards > > Rüdiger > >> -Original Message- >> From: Stefan Eissing >> Sent: Thursday, September 20, 2018 11:46 >> To: dev@httpd.apache.org >>

Re: minor nit in mod_ssl

2018-09-20 Thread Stefan Eissing
for SSL just to find out > why a HTTP request was replied to with a 403. > > Regards > > Rüdiger > > From: William A Rowe Jr > Sent: Monday, September 17, 2018 22:27 > To: httpd > Subject: Re: minor nit in mod_ssl > > On Mon, Sep 17, 2018 at 2

Re: minor nit in mod_ssl

2018-09-20 Thread Stefan Eissing
> On 19.09.2018 at 17:17, William A Rowe Jr wrote: > > On Wed, Sep 19, 2018 at 6:39 AM Stefan Eissing > wrote: > > > On 18.09.2018 at 15:44, Houser, Rick wrote: > > > > In the same vein, I’ve been running this patch on our builds to get around > > a warning for certificates not

Re: minor nit in mod_ssl

2018-09-19 Thread William A Rowe Jr
On Wed, Sep 19, 2018 at 6:39 AM Stefan Eissing wrote: > > > On 18.09.2018 at 15:44, Houser, Rick wrote: > > > > In the same vein, I’ve been running this patch on our builds to get > around a warning for certificates not matching the hostname. Certificates > are not expected to match the

Re: minor nit in mod_ssl

2018-09-19 Thread Stefan Eissing
e I understand your setup here. Is this the ServerName from the global server? Otherwise, in a VirtualHost why would you not set the ServerName to the hostname you are serving? -Stefan > > Rick Houser > Web Engineer > > From: William A Rowe Jr > Sent: Monday, September

RE: minor nit in mod_ssl

2018-09-18 Thread Houser, Rick
s server certificate does NOT include an ID " "which matches the server name", key_id); } Rick Houser Web Engineer From: William A Rowe Jr Sent: Monday, September 17, 2018 16:27 To: httpd Subject: Re: minor nit in mod_ssl EXTERNAL EMAIL On Mon, Sep 17,

Re: minor nit in mod_ssl

2018-09-17 Thread William A Rowe Jr
On Mon, Sep 17, 2018 at 2:56 AM Stefan Eissing wrote: > > mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when strict_sni_vhost_check is enabled and a request comes in without SNI. > > Question: is a downgrade from ERR to INFO/DEBUG backportable or do we consider this a break of

Re: minor nit in mod_ssl

2018-09-17 Thread William A Rowe Jr
It is entirely appropriate to turn down the volume. That's what module-by-module loglevels are there for. On Mon, Sep 17, 2018, 02:56 Stefan Eissing wrote: > Just a quick question, if we can reach consensus here: > > mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when >