From: Rainer Jung <rjung@apache.org>
Date: Thu, 21 May 2015 10:16:10 +0000 (+0000)
Subject: Vote (can you hear the logjam).
X-Git-Tag: 2.2.30~97
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=baddc318150bd9ae09f5dd31936b5145807786ea;p=thirdparty%2Fapache%2Fhttpd.git

Vote (can you hear the logjam).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680803 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 8946ad3369d..e72a96a33fa 100644
--- a/STATUS
+++ b/STATUS
@@ -142,7 +142,15 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
                   http://svn.apache.org/r1200374
                   http://svn.apache.org/r1213380
      2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTicketKeyFile.patch
-     +1: ylavic, wrowe
+     +1: ylavic, wrowe, rjung
+     rjung: Minor nits you can IMHO apply as CTR:
+            - in mod_ssl.c the info string for SessionTicketKeyFile contains
+              '/path/to/file', whereas existing directives use `/path/to/file'.
+              The first quotation mark is of different style.
+            - enhance docs note about frequent key file rotation by info that one also needs
+              to restart the web server in order for the changed file to take effect
+              (either gracefully or not). Would be useful for 2.4/trunk as well
+            - mention RFC 5077 in CHANGES
 
    * mod_proxy: use the original (non absolute) form of the request-line's URI
      for requests embedded in CONNECT payloads used to connect SSL backends via
@@ -168,7 +176,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
                   http://svn.apache.org/r1666363
                   http://svn.apache.org/r1679470
      2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_ssl-improved_EDH-v2.patch
-     +1: ylavic, wrowe
+     +1: ylavic, wrowe, rjung
      ylavic: tested with openssl 0.9.7a, 0.9.8o, 1.0.1m and 1.0.2a with 1024
              and 2048 bits certificates (modulus), using EDH and ECDH ciphers.
              v2 to include r1679470
@@ -187,7 +195,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      trunk patch: http://svn.apache.org/r1653997
      2.4.x patch: merged in http://svn.apache.org/r1663258
      2.2.x patch: trunk works (modulo CHANGES)
-     +1: ylavic, wrowe
+     +1: ylavic, wrowe, rjung
      wrowe: good to fix inheritence. Unsure why ALL is the default on all
             branches, I was sure it wasn't, but if we subvert ALL later, we
             have done something odd. No impact on the validity of this patch.
@@ -209,12 +217,12 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-ap_proxy_connection_reusable.patch
      +1: ylavic, wrowe
 
-   * Propose a more modern Cipher and Protocol list, honor server cipher
+   * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher
      priority and add explanations relative to RFC 7525 guidance.
                   http://svn.apache.org/r1679428
                   http://svn.apache.org/r1679432 [CHANGES]
      2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-default-httpd-ssl.conf.in.patch
-     +1: wrowe, ylavic
+     +1: wrowe, ylavic, rjung
 
 
 PATCHES/ISSUES THAT ARE STALLED