[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#733564: pu: apache2 with ECDHE support

Stefan Fritsch <sf@sfritsch.de> (2013-12-30):
> Am Sonntag, 29. Dezember 2013, 23:58:54 schrieb Kurt Roeckx:
> > Adding ECDHE support in apache will probably require backporting the
> > patches for that.  I'm not sure how much work that is going to be
> > and wether someone like redhat might have already done that.
> I don't know how quickly upgrades are ususally adopted in MacOS land,
> but considering that 10.8.5 is out I think it would be even acceptable
> to update apache without that openssl workaround, as long as the
> readme contains exact instructions how to disable ECDHE in case of
> problems. But of course having the openssl workaround would be even
> better.

If we're going to end up adding ECDHE support, and if it isn't supported
everywhere yet, I'm pretty sure support for it all shouldn't be enabled
automatically upon upgrades, and that it should be enabled manually by
admins instead, following instructions that include incompatibility
warnings (hello, page 51 of the draft at https://bettercrypto.org/).


Attachment: signature.asc
Description: Digital signature

Reply to: