httpd-dev mailing list archives

From William A Rowe Jr <>
Subject Re: SSL/TLS best current practice
Date Thu, 07 May 2015 02:09:59 GMT
On May 6, 2015 8:12 PM, "Noel Butler" <> wrote:
> On 07/05/2015 09:22, William A Rowe Jr wrote:
>> For trunk, I propose we drop TLSv1 and TLSv1.1 protocols and simply
>> adopt the recommended cipher list illustrated below (!SSLv3) in the default
>> extra/httpd-ssl.conf source, following the SHOULD recommendations.
> unless trunk is for the 2.6 release   -1

Noel, that is precisely the purpose of trunk, always.  The 'next' release.
Might be 2.6, might be called 3.0.

We cherry pick fixes to backport all the time, but trunk exists to shape
the subsequent release.

> Since we are told, every time the discussion of abandoning 2.2.x comes
> up, that too many distros with LTS's and Enterprise versions still support
> and maintain these antique versions, many admins do also require those
> antique distro versions but elect to build current source of httpd, I would
> then "-1" for removal of TLS 1.0/1.1 (unless for the new "major" release
> where I'd agree with it) - because if their systems are that old, they
> "may" very well have issues with the removal of them, since their overall
> system/ssl libs are going to also be antiques :)

Which is where you should direct your attention to backport proposals, on
2.4 as well as 2.2, since these are now adopted by users.
