Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/apache/dev/ en-us (c) Gossamer Threads Inc. All rights reserved. 08 Nov 2009 19:38:34 -0800 120 75 23 http://www.gossamer-threads.com/lists/apache/dev/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Stefan Fritsch wrote on 2009-11-07 11:24:03: > Shouldn't you use something like this? > > BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown 08 Nov 2009 16:53:01 -0800 http://www.gossamer-threads.com/lists/apache/dev/376443 +---------------------------------------------------------------------------+ | Bugzilla Bug ID 08 Nov 2009 15:08:17 -0800 http://www.gossamer-threads.com/lists/apache/dev/376442 +---------------------------------------------------------------------------+ | Bugzilla Bug ID 08 Nov 2009 15:08:16 -0800 http://www.gossamer-threads.com/lists/apache/dev/376441 Dirk-Willem van Gulik wrote: > Dirk-Willem van Gulik wrote: > >> Actually Steve - you may know - what besides the obvious >> >> extendedKeyUsage=nsSG 08 Nov 2009 04:47:06 -0800 http://www.gossamer-threads.com/lists/apache/dev/376436 On 06/11/09 20:07, Jim Jagielski wrote: > >> >> I'd like we remove the entire forwarding proxy stuff >> for example. > So we have mod_forward_proxy an 08 Nov 2009 00:56:03 -0800 http://www.gossamer-threads.com/lists/apache/dev/376433 On 11/07/2009 08:19 PM, sf@apache.org wrote: > Author: sf > Date: Sat Nov 7 19:19:10 2009 > New Revision: 833738 > > URL: http://svn.apache.org/view 07 Nov 2009 17:45:22 -0800 http://www.gossamer-threads.com/lists/apache/dev/376432 Kaspar Brand wrote: > Dr Stephen Henson wrote: >> A few comments about that: > > Thanks for the review! > >> These are cryptographic keys (or at lea 07 Nov 2009 09:35:39 -0800 http://www.gossamer-threads.com/lists/apache/dev/376421 Dr Stephen Henson wrote: > A few comments about that: Thanks for the review! > These are cryptographic keys (or at least the HMAC and AES keys are) 07 Nov 2009 06:56:00 -0800 http://www.gossamer-threads.com/lists/apache/dev/376417 Kaspar Brand wrote: +#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0 +#define TICK_KEYS_LEN sizeof(((SSL_CTX *)0)->tlsext_t 07 Nov 2009 04:21:56 -0800 http://www.gossamer-threads.com/lists/apache/dev/376416 Kaspar Brand wrote: > Does that sound reasonable? If so, I would prepare a new patch with > SSL_CTX_set_tlsext_ticket_keys and the new config directiv 07 Nov 2009 03:06:28 -0800 http://www.gossamer-threads.com/lists/apache/dev/376415 On Saturday 07 November 2009, Lars Eilebrecht wrote: > Ruediger Pluem wrote on 2009-11-07 00:29:41: > > > -BrowserMatch ".*MSIE.*" \ > > > - n 07 Nov 2009 02:24:03 -0800 http://www.gossamer-threads.com/lists/apache/dev/376414 On 7 Nov 2009, at 06:25, Brian Rectanus wrote: > Yes, mod_security requires it. Many who use mod_security may not even > realize it. It would be a 07 Nov 2009 01:28:10 -0800 http://www.gossamer-threads.com/lists/apache/dev/376429 On 11/07/2009 02:21 AM, Lars Eilebrecht wrote: > Ruediger Pluem wrote on 2009-11-07 00:29:41: > >>> -BrowserMatch ".*MSIE.*" \ >>> - nokeepal 07 Nov 2009 01:09:26 -0800 http://www.gossamer-threads.com/lists/apache/dev/376413 On Thu, Nov 5, 2009 at 11:02 PM, Ruediger Pluem <rpluem@apache.org> wrote: > > > On 11/06/2009 06:45 AM, Nick Kew wrote: >> On 6 Nov 2009, at 05:30, S 06 Nov 2009 22:25:31 -0800 http://www.gossamer-threads.com/lists/apache/dev/376412 Ruediger Pluem wrote on 2009-11-07 00:29:41: > > -BrowserMatch ".*MSIE.*" \ > > - nokeepalive ssl-unclean-shutdown \ > > - downgrade- 06 Nov 2009 17:21:45 -0800 http://www.gossamer-threads.com/lists/apache/dev/376410 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation Apache httpd is affected by CVE-2 06 Nov 2009 17:21:08 -0800 http://www.gossamer-threads.com/lists/apache/dev/376409 Folks, This is Vipul Gupta's patch (Bugzilla 40132) against today's trunk. This compiles and works under some manual testing. Looks like OpenSSL 06 Nov 2009 16:41:02 -0800 http://www.gossamer-threads.com/lists/apache/dev/376408 Joe Orton wrote: > Awesome, thanks a lot! > > +1 for backport to 2.2.x here too. +1 here from me as well. So the trunk patch is svn diff -r8 06 Nov 2009 16:23:44 -0800 http://www.gossamer-threads.com/lists/apache/dev/376407 On Sat, Nov 07, 2009 at 12:37:56AM +0100, Ruediger Pluem wrote: > On 11/06/2009 11:33 PM, jorton@apache.org wrote: > > Author: jorton > > Date: Fri No 06 Nov 2009 16:08:18 -0800 http://www.gossamer-threads.com/lists/apache/dev/376401 On Fri, Nov 06, 2009 at 03:19:12PM -0800, Lars Eilebrecht wrote: > attached is a slightly different patch, it includes "!EXP" and I've > moved the dir 06 Nov 2009 15:57:30 -0800 http://www.gossamer-threads.com/lists/apache/dev/376400 On 11/06/2009 11:33 PM, jorton@apache.org wrote: > Author: jorton > Date: Fri Nov 6 22:33:19 2009 > New Revision: 833582 > > URL: http://svn.apache. 06 Nov 2009 15:37:56 -0800 http://www.gossamer-threads.com/lists/apache/dev/376399 On 11/07/2009 12:19 AM, Lars Eilebrecht wrote: > Hi, > > attached is a slightly different patch, it includes "!EXP" and I've > moved the directive ou 06 Nov 2009 15:29:41 -0800 http://www.gossamer-threads.com/lists/apache/dev/376398 Joe Orton wrote: > On Fri, Nov 06, 2009 at 03:09:22AM +0000, Joe Orton wrote: >> A second hack, slightly less rough hack: > > I committed this in r833 06 Nov 2009 15:28:03 -0800 http://www.gossamer-threads.com/lists/apache/dev/376397 Hi, attached is a slightly different patch, it includes "!EXP" and I've moved the directive out of the vhost into the main server config (there's not 06 Nov 2009 15:19:12 -0800 http://www.gossamer-threads.com/lists/apache/dev/376396 On Fri, Nov 06, 2009 at 03:09:22AM +0000, Joe Orton wrote: > A second hack, slightly less rough hack: I committed this in r833582 with some minor cha 06 Nov 2009 14:49:14 -0800 http://www.gossamer-threads.com/lists/apache/dev/376395