httpd-dev mailing list archives

From Michael Felt <mamf...@gmail.com>
Subject Re: Comparing LibreSSL and OpenSSL based on ApacheTest t/ssl results
Date Thu, 16 Jul 2015 20:39:04 GMT
I'll look at it and hopefully understand something, but tomorrow.

On Thu, Jul 16, 2015 at 7:56 PM, William A Rowe Jr <wrowe@rowe-clan.net>
wrote:

> On Thu, Jul 16, 2015 at 12:02 PM, Michael Felt <mamfelt@gmail.com> wrote:
>
>> Here I have the output of just one test t/ssl/pr12355.t - and note the
>> differences in the ssl_access_log - not just the error messages (I have
>> removed all "debug" messages from the logs as they were "in the way").
>>
>> LibreSSL is version 2.2.0, OpenSSL is version 0.9.8m (yes I know very old,
>> will test with latest patches later - I hope not relevant to here).
>>
>> So, please note: LibreSSL says access is:
>> t/logs/ssl_request_log:[16/Jul/2015:11:47:12 +0000] 127.0.0.1 - - "POST
>> /require-sha-cgi/perl_echo.pl HTTP/1.1" 403 237
>> while OpenSSL says
>> t/logs/ssl_request_log:[16/Jul/2015:11:32:35 +0000] 127.0.0.1 TLSv1 RC4-SHA
>> "POST /require-sha-cgi/perl_echo.pl HTTP/1.1" 200 11
>>
>> My question: what can I do to understand why OpenSSL is adding TLSv1
>> RC4-SHA while LibreSSL is "- -"
>>
>>
> I'll take this one item.  Take a look into our implementation of
> ssl_var_lookup_ssl and particularly ssl_var_lookup_ssl_cipher.  I would
> expect LibreSSL isn't providing any meaningful data to represent.
>
>
>
