You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by kb...@apache.org on 2013/11/30 07:49:59 UTC
svn commit: r1546690 - /httpd/httpd/trunk/STATUS
Author: kbrand
Date: Sat Nov 30 06:49:58 2013
New Revision: 1546690
URL: http://svn.apache.org/r1546690
Log:
Remove obsolete TODOs for mod_ssl:
No, we don't - it was removed in r90511.
DH keys are changed for every connection, SSL_OP_SINGLE_DH_USE
is applied since mod_ssl's initial commit (r88988).
We no longer have our own CRL callback (delegated to OpenSSL
as of r1165056), so this is effectively moot.
ssl_engine_pphrase.c needs to be simplified, not blown up further
(see also https://issues.apache.org/bugzilla/show_bug.cgi?id=24031,
which few [if any] people really seem to miss)
Modified:
httpd/httpd/trunk/STATUS
Modified: httpd/httpd/trunk/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/STATUS?rev=1546690&r1=1546689&r2=1546690&view=diff
==============================================================================
--- httpd/httpd/trunk/STATUS (original)
+++ httpd/httpd/trunk/STATUS Sat Nov 30 06:49:58 2013
@@ -323,22 +323,10 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE RE
TODO ISSUES REMAINING IN MOD_SSL:
- * Do we need SSL_set_read_ahead()?
-
* SSLRequire directive (parsing of) leaks memory
- * Diffie-Hellman-Parameters for temporary keys are hardcoded in
- ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
- "it is suggested that keys be changed daily or every 500
- transactions, and more often if possible."
-
* ssl_var_lookup could be rewritten to be MUCH faster
- * CRL callback should be pluggable
-
- * ssl_engine_pphrase.c needs to be reworked so it is generic enough
- to also decrypt proxy keys
-
WISH LIST
* mod_proxy: Ability to run SSL over proxy gateway connections,
encrypting (or reencrypting) at the proxy.