-*- coding: utf-8 -*-
-Changes with Apache 2.4.35
+Changes with Apache 2.4.36
+ *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9.
+ SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.
+ Directive "SSLVerifyClient" now triggers certificate retrieval from the client.
+ Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,
+ as this would need to trigger the master connection thread - which we do not support
+ right now.
+ Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"
+ does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and
+ TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.
+ Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they
+ can match their needs onto the TLSv1.3 protocol.
+ [Yann Ylavic, Stefan Eissing]
+
+ *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
+ should be accepted after the authorization scheme. \t are also tolerated.
+ [Christophe Jaillet]
+
+ *) mod_proxy_hcheck: Fix issues with interval determination. PR 62318
+ [Jim Jagielski]
+
+ *) mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
+ [Dominik Stillhard <dominik.stillhard united-security-providers.ch>]
+
+ *) mod_proxy_hcheck: take balancer's SSLProxy* directives into account.
+ [Jim Jagielski]
+
+ *) mod_status, mod_echo: Fix the display of client addresses.
+ They were truncated to 31 characters which is not enough for IPv6 addresses.
+ This is done by deprecating the use of the 'client' field and using
+ the new 'client64' field in worker_score.
+ PR 54848 [Bernhard Schmidt <berni birkenwald de>, Jim Jagielski]
+
+Changes with Apache 2.4.35
+
+ *) http: Enforce consistently no response body with both 204 and 304
+ statuses. [Yann Ylavic]
+
*) mod_status: Cumulate CPU time of exited child processes in the
"cu" and "cs" values. Add CPU time of the parent process to the
"c" and "s" values.
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) Add TLSv1.3 support to mod_ssl:
- trunk: http://svn.apache.org/r1839946
- http://svn.apache.org/r1839920
- http://svn.apache.org/r1833589
- http://svn.apache.org/r1833588
- http://svn.apache.org/r1828723
- http://svn.apache.org/r1828720
- http://svn.apache.org/r1828222
- http://svn.apache.org/r1827992
- http://svn.apache.org/r1827924
- http://svn.apache.org/r1827912
- http://svn.apache.org/r1828790
- http://svn.apache.org/r1828791
- http://svn.apache.org/r1828792
- http://svn.apache.org/r1840585
- http://svn.apache.org/r1840710
- http://svn.apache.org/r1841218
- 2.4.x branch: svn merge ^/httpd/httpd/branches/tlsv1.3-for-2.4.x
- +1: icing, jorton, minfrin (tested on openssl-1.0.2j and openssl-1.1.1)
- *) kotkov has made mamy improvements to the mpm_winnt about one year ago.
- None of them have been merged or proposed for backport yet.
- Start the merge process with the first easy steps in order to synch
- 2.4.x and trunk and ease other merges
- - mpm_winnt: Factor out a helper function to parse the type of an accept
- filter and use an appropriate enum for it
- - mpm_winnt: fix typo
- - mpm_winnt: follow-up to r1801144
- trunk patch: http://svn.apache.org/r1801144
- http://svn.apache.org/r1801148
- http://svn.apache.org/r1801456
- 2.4.x patch: svn merge -c 1801144,1801148,1801456 ^/httpd/httpd/trunk .
- +1: jailletc36, jim (via inspection), wrowe
--
- *) mod_proxy: fix load order dep between mod_proxy and lbmethod providers
- trunk patch: http://svn.apache.org/r1836381
- http://svn.apache.org/r1836382
- http://svn.apache.org/r1836383
- http://svn.apache.org/r1836386
- http://svn.apache.org/r1836603
- 2.4.x patch: http://people.apache.org/~covener/2.4.x-proxy-opt-fn.diff
- +1: covener, jim, ylavic
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
projects / thirdparty / apache / httpd.git / commitdiff
