Re: Bug#733564: pu: apache2 with ECDHE support

To: Kurt Roeckx <kurt@roeckx.be>
Cc: debian-apache@lists.debian.org, 733564@bugs.debian.org
Subject: Re: Bug#733564: pu: apache2 with ECDHE support
From: Stefan Fritsch <sf@sfritsch.de>
Date: Mon, 14 Apr 2014 21:57:21 +0200
Message-id: <[🔎] 2709305.3U5MXJiIa2@k>
In-reply-to: <[🔎] 20140414191846.GA10183@simplex.0x539.de>
References: <20131229225854.GA20830@roeckx.be> <[🔎] 1645986.Dq73KekQRF@k> <[🔎] 20140414191846.GA10183@simplex.0x539.de>

Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern:
> So I'd say that we should go and add ECDHE support to Apache as
> suggested and also patch OpenSSL for the OS X bug as the
> fingerprinting landed upstream and we would merely replicate
> current upstream behavior.

OK, sounds good.

Kurt, if the openssl patch is like [1], it would require that apache2 
is built against the updated version of openssl, due to the changed 
value of SSL_OP_ALL. Can you please ping me when you have uploaded the 
new package? Also, you should probably mention in the changelog that 
only recompiled applications get to use the workaround.

Cheers,
Stefan

[1] http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html

Reply to:

Follow-Ups:
- Re: Bug#733564: pu: apache2 with ECDHE support
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Re: Bug#733564: pu: apache2 with ECDHE support
  - From: Stefan Fritsch <sf@sfritsch.de>
- Re: Bug#733564: pu: apache2 with ECDHE support
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: Bug#733564: pu: apache2 with ECDHE support
Next by Date: Re: Bug#733564: pu: apache2 with ECDHE support
Previous by thread: Re: Bug#733564: pu: apache2 with ECDHE support
Next by thread: Re: Bug#733564: pu: apache2 with ECDHE support
Index(es):
- Date
- Thread