Bug#828236: Apache2 with openssl 1.1.0
On Wed, Nov 09, 2016 at 11:44:49PM +0100, Stefan Fritsch wrote:
> Hi Kurt,
>
> On Sunday, 25 September 2016 19:51:08 CET Debian Bug Tracking System wrote:
> > Processing commands for control@bugs.debian.org:
> > > tags 828236 + patch
> >
> > Bug #828236 [src:apache2] apache2: FTBFS with openssl 1.1.0
> > Added tag(s) patch.
>
> I am sorry, but I don't feel qualified to review that patch (or the upstream
> branch 2.4.x-openssl-1.1.0-compat which has a different implementation). In
> apache, there is lots of subtle interaction between TLS-renegotiation and
> access control. Therefore I want to have the patch reviewed by someone who
> knows mod_ssl well before I include it in Debian. Also, having openssl 1.1
> support only in testing/unstable won't give apache enough exposure to ensure
> that nothing is broken in complex configurations.
>
> Currently there is no movement upstream to finish the openssl 1.1 support any
> time soon. This means that it is very unlikely that apache2 will get fixed in
> time for stretch.
I would really like to see apache to support openssl 1.1.0. Is
there some way I can help get this done?
Kurt
Reply to: