httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57375] Support LibreSSL as an alternative toolkit for mod_ssl
Date Sun, 11 Jan 2015 11:54:55 GMT

Kaspar Brand <> changed:

           What    |Removed                     |Added
            Version|2.4.10                      |2.5-HEAD
            Summary|[PATCH] Unbreak 2.4 build   |Support LibreSSL as an
                   |with LibreSSL               |alternative toolkit for
                   |                            |mod_ssl
           Severity|normal                      |enhancement

--- Comment #1 from Kaspar Brand <> ---
Rewording the summary to more accurately capture the topic of this bug.

I'm not really supportive of this idea, to be frank. mod_ssl is effectively
mod_openssl these days. It used to have (and in 2.2.x still does) an
ssl_toolkit_compat layer which allowed support for multiple toolkits, in
theory, but as discussed in these two threads, the consensus in 2010/2011 was
to deliberately drop support for non-OpenSSL toolkits:

(see r1154683 and and r1154687)

While the changes for supporting LibreSSL might seem small right now, it would
definitely mean that mod_ssl maintenance becomes [again] more complex, assuming
a scenario of LibreSSL deviating more substantially from OpenSSL in the future

Maintaining mod_ssl compatibility with all OpenSSL versions still floating
around (0.9.7/0.9.8/1.0.0/1.0.1) is already quite burdensome, and I wouldn't
want to make things more complicated by adding another toolkit to the mix
(otherwise, next on the table would be BoringSSL, I guess). Let's draw a clear
line right now, and not silently morph mod_[open]ssl into something like

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message