httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1678107 - /httpd/httpd/branches/2.2.x/STATUS
Date Wed, 06 May 2015 22:51:49 GMT
Author: ylavic
Date: Wed May  6 22:51:49 2015
New Revision: 1678107

URL: http://svn.apache.org/r1678107
Log:
Propose.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1678107&r1=1678106&r2=1678107&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed May  6 22:51:49 2015
@@ -185,7 +185,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTicketKeyFile.patch
      +1: ylavic
 
-  *) mod_proxy: use the original (non absolute) form of the request-line's URI
+   * mod_proxy: use the original (non absolute) form of the request-line's URI
      for requests embedded in CONNECT payloads used to connect SSL backends via
      a ProxyRemote forward-proxy. PR 55892.
      trunk patch: http://svn.apache.org/r1665215
@@ -202,6 +202,25 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.4.x patch: trunk works (modulo CHANGES)
      +1: breser
 
+   * mod_ssl: Improve handling of ephemeral DH and ECDH keys by
+     allowing custom parameters to be configured via SSLCertificateFile,
+     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
+     Unless custom parameters are configured, the standardized parameters
+     are applied based on the certificate's RSA/DSA key size.  Also drop
+     support for export-grade ciphers with ephemeral RSA keys, and
+     unconditionally disable aNULL, eNULL and EXP ciphers
+     (not overridable via SSLCipherSuite).
+     trunk patch: http://svn.apache.org/r1526168
+                  http://svn.apache.org/r1527291
+                  http://svn.apache.org/r1527295
+                  http://svn.apache.org/r1563420
+                  http://svn.apache.org/r1588851
+                  http://svn.apache.org/r1666363
+     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_ssl-improved_EDH.patch
+     +1: ylavic
+     ylavic: tested with openssl 0.9.7a, 0.9.8o, 1.0.1m and 1.0.2a with 1024
+             and 2048 bits certificates (modulus), using EDH and ECDH ciphers.
+
 PATCHES/ISSUES THAT ARE STALLED
 
    * mod_proxy_balancer: Always initialize the shared parameters of a load



Mime
View raw message