You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2012/08/20 17:28:58 UTC
svn commit: r1375059 - /httpd/httpd/branches/2.2.x/STATUS
Author: wrowe
Date: Mon Aug 20 15:28:57 2012
New Revision: 1375059
URL: http://svn.apache.org/viewvc?rev=1375059&view=rev
Log:
Promoted
Modified:
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1375059&r1=1375058&r2=1375059&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Aug 20 15:28:57 2012
@@ -93,6 +93,31 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
+ * mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
+ control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
+ adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
+ [Kaspar Brand, William Rowe]
+ http://svn.apache.org/viewvc?view=revision&revision=1222921
+ http://svn.apache.org/viewvc?view=revision&revision=1222930
+ http://svn.apache.org/viewvc?view=revision&revision=1225476
+ http://svn.apache.org/viewvc?view=revision&revision=1225792
+ Backport version for 2.2.x of the patches above:
+ http://people.apache.org/~wrowe/tls11-12-patch-2.2-kbrand-wrowe.2.patch
+ +1: wrowe, sf, kbrand, rjung
+ kbrand: explicitly including <openssl/opensslconf.h> in ssl_toolkit_compat.h
+ would make sense, since we're relying on OPENSSL_NO_SSL2 being
+ properly reported by OpenSSL (currently opensslconf.h is only
+ indirectly included, which seems somewhat brittle)
+ sf: I would also have taken the approach suggested by kbrand,
+ but I am OK with the approach from patch .2, too.
+ Minor (CTR) issues:
+ - The "/* only SSLv2 is left */" comment is now obsolete.
+ - Needs CHANGES entry.
+ rjung: Voted on the basis, that OPENSSL_NO_SSL2 is not meant
+ to be set for the web server compile only but instead
+ would only be retrieved from OpenSSL. Otherwise
+ setting OPENSSL_NO_SSL2 only for the web server compile
+ does *not* disable SSLv2 (see r1374734).
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
@@ -136,32 +161,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Trunk version of patch works
+1: rpluem, rjung
- * mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
- control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
- adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
- [Kaspar Brand, William Rowe]
- http://svn.apache.org/viewvc?view=revision&revision=1222921
- http://svn.apache.org/viewvc?view=revision&revision=1222930
- http://svn.apache.org/viewvc?view=revision&revision=1225476
- http://svn.apache.org/viewvc?view=revision&revision=1225792
- Backport version for 2.2.x of the patches above:
- http://people.apache.org/~wrowe/tls11-12-patch-2.2-kbrand-wrowe.2.patch
- +1: wrowe, sf, kbrand, rjung
- kbrand: explicitly including <openssl/opensslconf.h> in ssl_toolkit_compat.h
- would make sense, since we're relying on OPENSSL_NO_SSL2 being
- properly reported by OpenSSL (currently opensslconf.h is only
- indirectly included, which seems somewhat brittle)
- sf: I would also have taken the approach suggested by kbrand,
- but I am OK with the approach from patch .2, too.
- Minor (CTR) issues:
- - The "/* only SSLv2 is left */" comment is now obsolete.
- - Needs CHANGES entry.
- rjung: Voted on the basis, that OPENSSL_NO_SSL2 is not meant
- to be set for the web server compile only but instead
- would only be retrieved from OpenSSL. Otherwise
- setting OPENSSL_NO_SSL2 only for the web server compile
- does *not* disable SSLv2 (see r1374734).
-
* mod_ssl: Add RFC 5878 support. This allows support of mechanisms
such as Certificate Transparency. Note that new
mechanisms are supported without software updates.