Re: TLSv1.3 support for 2.4.x?

2018-09-22 Thread Dennis Radford
Sorry for the multiple messages. I was trying to edit my original reply and didn't realize every attempt would result in a new message. The purpose of this mail is to include the 'make' errors that I received and that may not be visible in other list archives as HTML tags (and apparently anything

Re: TLSv1.3 support for 2.4.x?

2018-09-21 Thread Dennis Radford
With the recent release of openssl 1.1.1 back on Sept 11 that supports TLS 1.3 final RFC 8446, I believe demand for this backport will steadily increase. Thank you Stephan for proposing this backport branch. FreeBSD 11.2-RELEASE-p3 Apache/2.4.35-dev (Unix) OpenSSL/1.1.1 I've compiled and am

Re: TLSv1.3 support for 2.4.x?

2018-09-21 Thread Dennis Radford
With the recent release of openssl 1.1.1 back on Sept 11 that supports TLS 1.3 final RFC 8446, I believe demand for this backport will steadily increase. Thank you Stephan for proposing this backport branch. FreeBSD 11.2-RELEASE-p3 Apache/2.4.35-dev (Unix) OpenSSL/1.1.1 I've compiled and am running

Re: TLSv1.3 support for 2.4.x?

2018-09-21 Thread Dennis Radford
With the recent release of openssl 1.1.1 back on Sept 11 that supports TLS 1.3 final RFC 8446, I believe demand for this backport will steadily increase. Thank you Stephan for proposing this backport branch. FreeBSD 11.2-RELEASE-p3 Apache/2.4.35-dev (Unix) OpenSSL/1.1.1 I've compiled and am

Re: TLSv1.3 support for 2.4.x?

2018-09-18 Thread Stefan Eissing
> On 18.09.2018 at 17:03, Joe Orton wrote: > >> On Tue, Sep 18, 2018 at 04:54:58PM +0200, Yann Ylavic wrote: >>> On Tue, Sep 18, 2018 at 4:08 PM Joe Orton wrote: >>> >>> As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging... >> >> Thanks Joe for the hard work! > > Thanks to

Re: TLSv1.3 support for 2.4.x?

2018-09-18 Thread Joe Orton
On Tue, Sep 18, 2018 at 04:54:58PM +0200, Yann Ylavic wrote: > On Tue, Sep 18, 2018 at 4:08 PM Joe Orton wrote: > > > > As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging... > > Thanks Joe for the hard work! Thanks to Stefan for getting us most of the way! > Does it work for

Re: TLSv1.3 support for 2.4.x?

2018-09-18 Thread Yann Ylavic
On Tue, Sep 18, 2018 at 4:08 PM Joe Orton wrote: > > As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging... Thanks Joe for the hard work! > > A BIG caveat remains around Post-Handshake Auth. With the current Perl > stack (including whatever adjustments for OpenSSL 1.1.1 already >

Re: TLSv1.3 support for 2.4.x?

2018-09-18 Thread Joe Orton
As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging... A BIG caveat remains around Post-Handshake Auth. With the current Perl stack (including whatever adjustments for OpenSSL 1.1.1 already required) the failures I get with the test suite and that branch are significant, because

Re: TLSv1.3 support for 2.4.x?

2018-09-12 Thread Yann Ylavic
On Wed, Sep 12, 2018 at 3:17 PM Joe Orton wrote: > > On Tue, Sep 11, 2018 at 03:39:42PM +0200, Yann Ylavic wrote: > > On Tue, Sep 11, 2018 at 12:13 PM Joe Orton wrote: > > > > > > Does anybody have successful test results with post-handshake auth? I'm > > > testing against Fedora's OpenSSL

Re: TLSv1.3 support for 2.4.x?

2018-09-12 Thread Joe Orton
On Tue, Sep 11, 2018 at 03:39:42PM +0200, Yann Ylavic wrote: > On Tue, Sep 11, 2018 at 12:13 PM Joe Orton wrote: > > > > Does anybody have successful test results with post-handshake auth? I'm > > testing against Fedora's OpenSSL 1.1.1pre9 which has merged the changes > > for

Re: TLSv1.3 support for 2.4.x?

2018-09-11 Thread Joe Orton
On Tue, Sep 11, 2018 at 03:39:42PM +0200, Yann Ylavic wrote: > On Tue, Sep 11, 2018 at 12:13 PM Joe Orton wrote: > > > > Does anybody have successful test results with post-handshake auth? I'm > > testing against Fedora's OpenSSL 1.1.1pre9 which has merged the changes > > for

Re: TLSv1.3 support for 2.4.x?

2018-09-11 Thread Yann Ylavic
On Tue, Sep 11, 2018 at 12:13 PM Joe Orton wrote: > > Does anybody have successful test results with post-handshake auth? I'm > testing against Fedora's OpenSSL 1.1.1pre9 which has merged the changes > for https://github.com/openssl/openssl/issues/6933 Just tried trunk+openssl-1.1.1pre9

Re: TLSv1.3 support for 2.4.x?

2018-09-11 Thread Joe Orton
On Tue, Sep 11, 2018 at 10:42:02AM +0200, Stefan Eissing wrote: > > On 10.09.2018 at 10:59, Joe Orton wrote: > > http://svn.apache.org/viewvc?view=revision=1828220 > > - I think this is merged in the branch slightly differently? > > I think this overlaps with a subsequent change of

Re: TLSv1.3 support for 2.4.x?

2018-09-11 Thread Stefan Eissing
> On 10.09.2018 at 10:59, Joe Orton wrote: > > On Wed, Sep 05, 2018 at 01:36:06PM +0200, Stefan Eissing wrote: >> A member of the OpenSSL project gave me a "go ahead" and we now have branch: >> >> https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x >> >> as a copy of

Re: TLSv1.3 support for 2.4.x?

2018-09-10 Thread Joe Orton
On Wed, Sep 05, 2018 at 01:36:06PM +0200, Stefan Eissing wrote: > A member of the OpenSSL project gave me a "go ahead" and we now have branch: > > https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x > > as a copy of 2.4.x with >

Re: TLSv1.3 support for 2.4.x?

2018-09-07 Thread William A Rowe Jr
On Thu, Sep 6, 2018 at 3:13 AM Stefan Eissing wrote: > > > I can't imagine the project releasing this changeset without first > releasing > > a stable 2.4.35, followed shortly thereafter with a less stable TLS 1.3 > > release. It appears to introduce a set of required(?) config changes, > >

Re: TLSv1.3 support for 2.4.x?

2018-09-06 Thread Stefan Eissing
> On 05.09.2018 at 18:52, William A Rowe Jr wrote: > > On Wed, Sep 5, 2018 at 10:52 AM, Dennis Clarke wrote: > On 09/05/2018 07:36 AM, Stefan Eissing wrote: > A member of the OpenSSL project gave me a "go ahead" and we now have branch: > >

Re: TLSv1.3 support for 2.4.x?

2018-09-05 Thread Bernard Spil
Just tested this branch with OpenSSL 1.1.1p9. Haven't found issues yet. > Listen 42002 https > SSLHonorCipherOrder on > SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 Server error.log > AH00489: Apache/2.4.35-dev (FreeBSD) OpenSSL/1.1.1-pre9 configured -- > resuming normal operations client

Re: TLSv1.3 support for 2.4.x?

2018-09-05 Thread Bernard Spil
Hi All, I've received a patch from the LibreSSL devs via mail. That resolves the renegotiation issue. Patch is awaiting review, I expect it to land in the LibreSSL repo soon. Cheers, Bernard. On Mon, Sep 3, 2018 at 1:36 PM Stefan Eissing wrote: > > Speaking of SSL and rare renegotiation setups:

Re: TLSv1.3 support for 2.4.x?

2018-09-05 Thread William A Rowe Jr
On Wed, Sep 5, 2018 at 10:52 AM, Dennis Clarke wrote: > On 09/05/2018 07:36 AM, Stefan Eissing wrote: > >> A member of the OpenSSL project gave me a "go ahead" and we now have >> branch: >> >> https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x >> >> as a copy of 2.4.x with

Re: TLSv1.3 support for 2.4.x?

2018-09-05 Thread Dennis Clarke
On 09/05/2018 07:36 AM, Stefan Eissing wrote: A member of the OpenSSL project gave me a "go ahead" and we now have branch: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x as a copy of 2.4.x with

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Dennis Clarke
On 09/03/2018 09:45 AM, Jim Jagielski wrote: +1! for backporting >> On Sep 3, 2018, at 5:17 AM, Stefan Eissing wrote: >> >> Dear SSL care takers and stake holders, >> >> trunk has TLSv1.3 support for some time. TLSv1.3 is a published protocol and I see no reason why it wouldn't be

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Jim Jagielski
+1! for backporting > On Sep 3, 2018, at 5:17 AM, Stefan Eissing wrote: > > Dear SSL care takers and stake holders, > > trunk has TLSv1.3 support for some time. I just now changed the 'all' > SSLProtocol selection, so that it does not include TLSv1.3. This means that > in order to enable

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Rainer Jung
On 03.09.2018 at 13:19, Joe Orton wrote: AIUI the various bits of new API added for TLS/1.3 are not necessarily stable until there is a final OpenSSL 1.1.1 release, so maybe we should wait for that first? Last mentioned date for GA release of OpenSSL 1.1.1 was Tuesday 11th September. Not

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Stefan Eissing
> On 03.09.2018 at 13:56, Ruediger Pluem wrote: > > > > On 09/03/2018 01:32 PM, Stefan Eissing wrote: >> >> >>> On 03.09.2018 at 13:19, Joe Orton wrote: >>> >>> On Mon, Sep 03, 2018 at 11:17:39AM +0200, Stefan Eissing wrote: Dear SSL care takers and stake holders, > >> >>> IMO

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Ruediger Pluem
On 09/03/2018 01:32 PM, Stefan Eissing wrote: > > >> On 03.09.2018 at 13:19, Joe Orton wrote: >> >> On Mon, Sep 03, 2018 at 11:17:39AM +0200, Stefan Eissing wrote: >>> Dear SSL care takers and stake holders, > >> IMO there is no problem with supporting it by default (not needing >>

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Stefan Eissing
Speaking of SSL and rare renegotiation setups: Bernard and me are suspecting that libressl has issues here for quite some time. At least it looks that way: https://github.com/libressl-portable/portable/issues/443 Just FYI in case someone encounters such things. > Am 03.09.2018 um 13:32 schrieb

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Stefan Eissing
> On 03.09.2018 at 13:19, Joe Orton wrote: > > On Mon, Sep 03, 2018 at 11:17:39AM +0200, Stefan Eissing wrote: >> Dear SSL care takers and stake holders, >> >> trunk has TLSv1.3 support for some time. I just now changed the 'all' >> SSLProtocol selection, so that it does not include

Re: TLSv1.3 support for 2.4.x?

2018-09-03 Thread Joe Orton
On Mon, Sep 03, 2018 at 11:17:39AM +0200, Stefan Eissing wrote: > Dear SSL care takers and stake holders, > > trunk has TLSv1.3 support for some time. I just now changed the 'all' > SSLProtocol selection, so that it does not include TLSv1.3. This means that > in order to enable it, admins must