Stefan Fritsch <firstname.lastname@example.org> (2013-12-30):
> On Sunday, 29 December 2013, 23:58:54, Kurt Roeckx wrote:
> > Adding ECDHE support in apache will probably require backporting the
> > patches for that. I'm not sure how much work that is going to be
> > and whether someone like redhat might have already done that.
>
> I don't know how quickly upgrades are usually adopted in MacOS land,
> but considering that 10.8.5 is out I think it would be even acceptable
> to update apache without that openssl workaround, as long as the
> readme contains exact instructions how to disable ECDHE in case of
> problems. But of course having the openssl workaround would be even
> better.

If we're going to end up adding ECDHE support, and if it isn't supported everywhere yet, I'm pretty sure support for it all shouldn't be enabled automatically upon upgrades, and that it should be enabled manually by admins instead, following instructions that include incompatibility warnings (hello, page 51 of the draft at https://bettercrypto.org/).

Mraw,
KiBi.