Commit e2169194 authored by Yann Ylavic's avatar Yann Ylavic
Browse files

Propose.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1678107 13f79535-47bb-0310-9956-ffa450edef68
parent 8b7acef6
Loading
Loading
Loading
Loading
+20 −1
Original line number Diff line number Diff line
@@ -185,7 +185,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTicketKeyFile.patch
     +1: ylavic

  *) mod_proxy: use the original (non absolute) form of the request-line's URI
   * mod_proxy: use the original (non absolute) form of the request-line's URI
     for requests embedded in CONNECT payloads used to connect SSL backends via
     a ProxyRemote forward-proxy. PR 55892.
     trunk patch: http://svn.apache.org/r1665215
@@ -202,6 +202,25 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     2.4.x patch: trunk works (modulo CHANGES)
     +1: breser

   * mod_ssl: Improve handling of ephemeral DH and ECDH keys by
     allowing custom parameters to be configured via SSLCertificateFile,
     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
     Unless custom parameters are configured, the standardized parameters
     are applied based on the certificate's RSA/DSA key size.  Also drop
     support for export-grade ciphers with ephemeral RSA keys, and
     unconditionally disable aNULL, eNULL and EXP ciphers
     (not overridable via SSLCipherSuite).
     trunk patch: http://svn.apache.org/r1526168
                  http://svn.apache.org/r1527291
                  http://svn.apache.org/r1527295
                  http://svn.apache.org/r1563420
                  http://svn.apache.org/r1588851
                  http://svn.apache.org/r1666363
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_ssl-improved_EDH.patch
     +1: ylavic
     ylavic: tested with openssl 0.9.7a, 0.9.8o, 1.0.1m and 1.0.2a with 1024
             and 2048 bits certificates (modulus), using EDH and ECDH ciphers.

PATCHES/ISSUES THAT ARE STALLED

   * mod_proxy_balancer: Always initialize the shared parameters of a load