Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 05ABE102BD for ; Sun, 11 Jan 2015 11:55:48 +0000 (UTC) Received: (qmail 15628 invoked by uid 500); 11 Jan 2015 11:55:49 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 15585 invoked by uid 500); 11 Jan 2015 11:55:49 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 15575 invoked by uid 99); 11 Jan 2015 11:55:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 11 Jan 2015 11:55:49 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 11 Jan 2015 11:55:48 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 53EB520F6A; Sun, 11 Jan 2015 11:54:56 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 57375] Support LibreSSL as an alternative toolkit for mod_ssl Date: Sun, 11 Jan 2015 11:54:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_ssl X-Bugzilla-Version: 2.5-HEAD X-Bugzilla-Keywords: PatchAvailable X-Bugzilla-Severity: enhancement X-Bugzilla-Who: asfbugz@velox.ch X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: version short_desc bug_severity Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=57375 Kaspar Brand changed: What |Removed |Added ---------------------------------------------------------------------------- Version|2.4.10 |2.5-HEAD Summary|[PATCH] Unbreak 2.4 build |Support LibreSSL as an |with LibreSSL |alternative toolkit for | |mod_ssl Severity|normal |enhancement --- Comment #1 from Kaspar Brand --- Rewording the summary to more accurately capture the topic of this bug. I'm not really supportive of this idea, to be frank. mod_ssl is effectively mod_openssl these days. It used to have (and in 2.2.x still does) an ssl_toolkit_compat layer which allowed support for multiple toolkits, in theory, but as discussed in these two threads, the consensus in 2010/2011 was to deliberately drop support for non-OpenSSL toolkits: https://mail-archives.apache.org/mod_mbox/httpd-dev/201005.mbox/%3C20100525124551.GA11177%40redhat.com%3E https://mail-archives.apache.org/mod_mbox/httpd-dev/201107.mbox/%3C4E35065D.30104%40velox.ch%3E (see r1154683 and and r1154687) While the changes for supporting LibreSSL might seem small right now, it would definitely mean that mod_ssl maintenance becomes [again] more complex, assuming a scenario of LibreSSL deviating more substantially from OpenSSL in the future (consider http://www.openbsd.org/cgi-bin/man.cgi?query=tls_init&sektion=3 e.g.). Maintaining mod_ssl compatibility with all OpenSSL versions still floating around (0.9.7/0.9.8/1.0.0/1.0.1) is already quite burdensome, and I wouldn't want to make things more complicated by adding another toolkit to the mix (otherwise, next on the table would be BoringSSL, I guess). Let's draw a clear line right now, and not silently morph mod_[open]ssl into something like mod_{libre,boring,...}ssl. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org