Commit c261f21f authored by Gregg L. Smith's avatar Gregg L. Smith
Browse files

votes/promotes


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1666628 13f79535-47bb-0310-9956-ffa450edef68
parent bb22c362
Loading
Loading
Loading
Loading
+25 −25
Original line number Diff line number Diff line
@@ -114,6 +114,31 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
                  (minor merge conflict)
     +1 covener, trawick, ylavic

   * mod_deflate: Define APR_INT32_MAX when it is missing so to be able to
                  compile against APR-1.2.x (minimum required version).
     trunk/2.4.x patch: not concerned (require APR-1.5.x)
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_APR_INT32_MAX.patch
     +1: ylavic, trawick, gsmith

   * default conf: Disable SSLv3, like SSLv2, in the default configuration.
     trunk patch: n/a -- Only 2.2.x has SSLProtocol in httpd-ssl.conf.in
     2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=32131     
     +1: covener, ylavic, gsmith

   * mod_ssl: Add SSLSessionTickets (on|off). [Rainer Jung]
     It controls the use of TLS session tickets (RFC 5077).
     Default is unchanged (on).
     Using session tickets without restarting the web server with
     an appropriate frequency (e.g. daily) compromises perfect forward
     secrecy. As long as we do not have a nice key management
     there needs to be a way to deactivate the use of session tickets.
     trunk patch: http://svn.apache.org/r1650310
                  http://svn.apache.org/r1650320
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTickets-v2.patch
     +1: ylavic, rjung, gsmith
     rjung: Adjust compatibility note in docs.
     ylavic: Done, thanks.


PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ New proposals should be added at the end of the list ]
@@ -131,17 +156,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     ylavic: trunk/2.4.x not concerned, 2.2.x only.
     +1: ylavic, jkaluza

   * mod_deflate: Define APR_INT32_MAX when it is missing so to be able to
                  compile against APR-1.2.x (minimum required version).
     trunk/2.4.x patch: not concerned (require APR-1.5.x)
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_APR_INT32_MAX.patch
     +1: ylavic, trawick

   * default conf: Disable SSLv3, like SSLv2, in the default configuration.
     trunk patch: n/a -- Only 2.2.x has SSLProtocol in httpd-ssl.conf.in
     2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=32131     
     +1: covener, ylavic

   * mod_proxy_ajp: Fix get_content_length().
     clength in request_rec is for response sizes, not request body size.
     It is initialized to 0, so the "if" branch was never taken.
@@ -149,20 +163,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     2.2.x patch: trunks works (plus CHANGES)
     +1 rjung, ylavic

   * mod_ssl: Add SSLSessionTickets (on|off). [Rainer Jung]
     It controls the use of TLS session tickets (RFC 5077).
     Default is unchanged (on).
     Using session tickets without restarting the web server with
     an appropriate frequency (e.g. daily) compromises perfect forward
     secrecy. As long as we do not have a nice key management
     there needs to be a way to deactivate the use of session tickets.
     trunk patch: http://svn.apache.org/r1650310
                  http://svn.apache.org/r1650320
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTickets-v2.patch
     +1: ylavic, rjung
     rjung: Adjust compatibility note in docs.
     ylavic: Done, thanks.

   * mod_unique_id: Update docs and comment: the unique id is now 24 characters, not 19
     See explanation in:
        http://httpd.apache.org/docs/2.2/mod/mod_unique_id.html#comment_3564