Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EE70217D37 for ; Sat, 24 Jan 2015 08:17:41 +0000 (UTC) Received: (qmail 25466 invoked by uid 500); 24 Jan 2015 08:17:42 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 25401 invoked by uid 500); 24 Jan 2015 08:17:42 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 25391 invoked by uid 99); 24 Jan 2015 08:17:41 -0000 Received: from eris.apache.org (HELO hades.apache.org) (140.211.11.105) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jan 2015 08:17:41 +0000 Received: from hades.apache.org (localhost [127.0.0.1]) by hades.apache.org (ASF Mail Server at hades.apache.org) with ESMTP id B61A4AC0110; Sat, 24 Jan 2015 08:17:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1654482 - /httpd/httpd/branches/2.2.x/STATUS Date: Sat, 24 Jan 2015 08:17:41 -0000 To: cvs@httpd.apache.org From: ylavic@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150124081741.B61A4AC0110@hades.apache.org> Author: ylavic Date: Sat Jan 24 08:17:41 2015 New Revision: 1654482 URL: http://svn.apache.org/r1654482 Log: Propose SSLSessionTickets directive. Modified: httpd/httpd/branches/2.2.x/STATUS Modified: httpd/httpd/branches/2.2.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1654482&r1=1654481&r2=1654482&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/STATUS (original) +++ httpd/httpd/branches/2.2.x/STATUS Sat Jan 24 08:17:41 2015 @@ -159,6 +159,18 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.2.x patch: trunks works (plus CHANGES) +1 rjung + * mod_ssl: Add SSLSessionTickets (on|off). [Rainer Jung] + It controls the use of TLS session tickets (RFC 5077). + Default is unchanged (on). + Using session tickets without restarting the web server with + an appropriate frequency (e.g. daily) compromises perfect forward + secrecy. As long as we do not have a nice key management + there needs to be a way to deactivate the use of session tickets. + trunk patch: http://svn.apache.org/r1650310 + http://svn.apache.org/r1650320 + 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTickets.patch + +1: ylavic + PATCHES/ISSUES THAT ARE STALLED * mod_proxy_balancer: Always initialize the shared parameters of a load