-
Stefan Eissing authored
Merged 1827912,1827924,1827992,1828222,1828720,1828723,1833588,1833589,1839920,1839946 from trunk *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for. Directive "SSLVerifyClient" now triggers certificate retrieval from the client. Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols, as this would need to trigger the master connection thread - which we do not support right now. Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite" does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate. Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they can match their needs onto the TLSv1.3 protocol. [Yann Ylavic, Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x@1840120 13f79535-47bb-0310-9956-ffa450edef68
d5943f3e
To find the state of this project's repository at the time of any of these versions, check out the tags.