From: Yann Ylavic <ylavic@apache.org>
Date: Sat, 24 Jan 2015 08:17:41 +0000 (+0000)
Subject: Propose SSLSessionTickets directive.
X-Git-Tag: 2.2.30~188
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f65d107d70868bdf53ee06215b9b02c9f82adc3d;p=thirdparty%2Fapache%2Fhttpd.git

Propose SSLSessionTickets directive.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1654482 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index ceff9a82194..32d7dac98b3 100644
--- a/STATUS
+++ b/STATUS
@@ -159,6 +159,18 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      2.2.x patch: trunks works (plus CHANGES)
      +1 rjung
 
+   * mod_ssl: Add SSLSessionTickets (on|off). [Rainer Jung]
+     It controls the use of TLS session tickets (RFC 5077).
+     Default is unchanged (on).
+     Using session tickets without restarting the web server with
+     an appropriate frequency (e.g. daily) compromises perfect forward
+     secrecy. As long as we do not have a nice key management
+     there needs to be a way to deactivate the use of session tickets.
+     trunk patch: http://svn.apache.org/r1650310
+                  http://svn.apache.org/r1650320
+     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-SSLSessionTickets.patch
+     +1: ylavic
+
 PATCHES/ISSUES THAT ARE STALLED
 
    * mod_proxy_balancer: Always initialize the shared parameters of a load