httpd-dev mailing list archives

From olli hauer <oha...@gmx.de>
Subject Re: Looking ahead to 2.4.13 / 2.2.30
Date Tue, 05 May 2015 21:31:01 GMT
On 2015-05-05 15:03, Yann Ylavic wrote:
> On Thu, Apr 30, 2015 at 11:52 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>>
>> Concerns / observations / thoughts?
> 
> I'd like to propose those 2.4.x CHANGES (r1542327+r1569005+r1542327)
> for backport to 2.2.x (in reverse order):
> 
>   *) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
>      larger keys and support up to 8192-bit keys.  [Ruediger Pluem,
>      Joe Orton]
> 
>   *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
>      allowing custom parameters to be configured via SSLCertificateFile,
>      and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
>      Unless custom parameters are configured, the standardized parameters
>      are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
> 
>   *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
> 
>   *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
>      keys, and unconditionally disable aNULL, eNULL and EXP ciphers
>      (not overridable via SSLCipherSuite). [Kaspar Brand]
> 
> or at least partly.
> 

Perhaps it is also a good time to kick SSLv2 support from 2.2.x ;)

