
Re: Bug#733564: pu: apache2 with ECDHE support



On Mon, Apr 14, 2014 at 10:07:30PM +0200, Kurt Roeckx wrote:
> On Mon, Apr 14, 2014 at 09:57:21PM +0200, Stefan Fritsch wrote:
> > Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern:
> > > So I'd say that we should go and add ECDHE support to Apache as
> > > suggested and also patch OpenSSL for the OS X bug as the
> > > fingerprinting landed upstream and we would merely replicate
> > > current upstream behavior.
> > 
> > OK, sounds good.
> > 
> > Kurt, if the openssl patch is like [1], it would require that apache2 
> > is built against the updated version of openssl, due to the changed 
> > value of SSL_OP_ALL. Can you please ping me when you have uploaded the 
> > new package? Also, you should probably mention in the changelog that 
> > only recompiled applications get to use the workaround.
> 
> I'll let you know when I've done an upload.

I would like to also add support for the padding extension in
stable.  It's part of the 1.0.1g release.

IETF Draft:
http://tools.ietf.org/html/draft-agl-tls-padding-03

Patches:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4a55631e4dc76fb8d668218bf461c45a9abc5b94
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51624dbdaed5325ac763e63dc5eb0b3ef85d6489



Kurt

