httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46952] ssl renegotiation hangs with long ca list
Date Thu, 13 May 2010 21:04:59 GMT

--- Comment #17 from Maarten Litmaath <> 2010-05-13 17:04:55 EDT ---

Hi Steve,
a workaround for current/older versions of httpd/openssl is to put
a lot of _dummy_ CAs on the server.  That is what we do for now,
since it will be a while before we can rely on patched versions
being supplied by the distributions that matter to us.
We constructed an rpm with 50 dummy CAs that are sufficient to
get us beyond the zone of trouble, as we have about 90 real CAs
that we need to support.  The dummy-ca-certs-20090630-1.noarch.rpm
is available here:

See comment at the end of this page:

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message