You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Pankaj Pradhan <pa...@gmail.com> on 2023/09/20 16:00:55 UTC
[users@httpd] Information Request | RFC- 7919 Support
Hello,
I was looking for documentation related to RFC-7919 support in the apache
http server.
I couldn't find any reference in the existing documentation and neither a
google search resulted in any concrete answers.
It would be very helpful if someone can help in some way or some
documentation link that gives some more information on RFC-7919 support in
apache httpd server.
We are using version 2.4.37 but if the support is available in the latest
version we can upgrade as well.
Regards,
Pankaj
Re: [users@httpd] Information Request | RFC- 7919 Support
Posted by Jeff Cox <je...@jeffpcox.com>.
unsubscribe
On Wed, Sep 20, 2023 at 1:14 PM Will Fatherley <we...@gmail.com>
wrote:
>
> It would be very helpful if someone can help in some way or some
>> documentation link that gives some more information on RFC-7919 support in
>> apache httpd server.
>>
>
> Maybe you’re looking for mod_ssl—
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>
>>
Re: [users@httpd] Information Request | RFC- 7919 Support
Posted by Pankaj Pradhan <pa...@gmail.com>.
Hi,
Thanks for the response. I went through the documentation, it does specify
the support of the custom and standard DH parameters. On the selection of
the parameter the documentation says " hands them out to clients based on
the length of the certificate's RSA/DSA key"
Where as per the RFC7919 (https://www.rfc-editor.org/rfc/rfc7919.html#page-8
)
- A compatible TLS server that receives the Supported Groups extension
with FFDHE codepoints in it and that selects an FFDHE cipher suite MUST
select one of the client's offered groups
-
if none of the client-proposed FFDHE groups are known and
acceptable to the server, then the server MUST NOT select an FFDHE
cipher suite
-
...
Is the server behavior then compliant to the specification? This
information was not so clearly documented/ or couldn't be interpreted. Any
help in this regard is highly appreciated.
Regards,
Pankaj
On Wed, Sep 20, 2023 at 11:44 PM Will Fatherley <we...@gmail.com>
wrote:
>
> It would be very helpful if someone can help in some way or some
>> documentation link that gives some more information on RFC-7919 support in
>> apache httpd server.
>>
>
> Maybe you’re looking for mod_ssl—
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>
>>
Re: [users@httpd] Information Request | RFC- 7919 Support
Posted by Will Fatherley <we...@gmail.com>.
> It would be very helpful if someone can help in some way or some
> documentation link that gives some more information on RFC-7919 support in
> apache httpd server.
>
Maybe you’re looking for mod_ssl—
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>