Re: Bug#733564: pu: apache2 with ECDHE support
On Mon, Apr 14, 2014 at 10:07:30PM +0200, Kurt Roeckx wrote:
> On Mon, Apr 14, 2014 at 09:57:21PM +0200, Stefan Fritsch wrote:
> > On Monday, 14 April 2014, 21:18:46, Philipp Kern wrote:
> > > So I'd say that we should go and add ECDHE support to Apache as
> > > suggested and also patch OpenSSL for the OS X bug as the
> > > fingerprinting landed upstream and we would merely replicate
> > > current upstream behavior.
> >
> > OK, sounds good.
> >
> > Kurt, if the openssl patch is like [1], it would require that apache2
> > is built against the updated version of openssl, due to the changed
> > value of SSL_OP_ALL. Can you please ping me when you have uploaded the
> > new package? Also, you should probably mention in the changelog that
> > only recompiled applications get to use the workaround.
>
> I'll let you know when I've done an upload.
I would like to also add support for the padding extension in
stable. It's part of the 1.0.1g release.
IETF Draft:
http://tools.ietf.org/html/draft-agl-tls-padding-03
Patches:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4a55631e4dc76fb8d668218bf461c45a9abc5b94
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51624dbdaed5325ac763e63dc5eb0b3ef85d6489
Kurt