before signals handling to avoid lifetime issues on restart or shutdown.
PR 62658. [Yann Ylavic]
- *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9.
- SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.
- Directive "SSLVerifyClient" now triggers certificate retrieval from the client.
- Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,
- as this would need to trigger the master connection thread - which we do not support
- right now.
- Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"
- does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and
- TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.
- Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they
- can match their needs onto the TLSv1.3 protocol.
- [Yann Ylavic, Stefan Eissing]
+ *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
+ behavioural changes compared to v1.2 and earlier; client and
+ configuration changes should be expected. SSLCipherSuite is
+ enhanced for TLSv1.3 ciphers, but applies at vhost level only.
+ [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
*) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
should be accepted after the authorization scheme. \t are also tolerated.
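Review bot: The replacement mod_ssl entry (the `+` lines) drops the concrete behaviour notes that the removed text gave administrators, and "client and configuration changes should be expected" does not tell a reader what to check. The removed lines stated that SSL(Proxy)CipherSuite takes an optional first parameter naming the protocol, that cipher renegotiation is intentionally ignored for TLSv1.3 connections, and that sites relying on such TLSv1.2 features need to evaluate how they map onto TLSv1.3. Suggest keeping at least one line on the optional protocol parameter, since "SSLCipherSuite is enhanced for TLSv1.3 ciphers" does not say how to use it, and one line on renegotiation being ignored under TLSv1.3, because that affects per-directory access control setups. If brevity is the goal, a pointer to where these details are documented would cover it.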