httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: svn commit: r906039 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_engine_kernel.c ssl_private.h
Date Wed, 03 Feb 2010 17:44:45 GMT
On Wed, Feb 3, 2010 at 12:09 PM, Joe Orton <jorton@redhat.com> wrote:

> I considered logging a warning for each client which renegotiates
> insecurely (whether due to lack of support on client or server), but,
> that's likely to be very noisy.

Any way to note the insecure renegotiation and save it long enough to
be associated with a r->notes or subprocess_env?

That would let you log it with IP and user-agent in access log (and
help you convince yourself it might be safe to turn on strict
renegotiation based on log analysis)

-- 
Eric Covener
covener@gmail.com

Mime
View raw message