]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b3a52be) | patch
mod_ssl: Check the SSLProtocol directive when loading the configuration
authorJoe Orton <jorton@apache.org>
Wed, 9 Apr 2025 08:01:24 +0000 (08:01 +0000)
committerJoe Orton <jorton@apache.org>
Wed, 9 Apr 2025 08:01:24 +0000 (08:01 +0000)
commite6cfbfa30d81bcfc9979fd5b49c0f0f8b5fe86a7
treea1df6eddc006f9007e197dfa94e95d694b5b5566tree
parentb3a52bec98f27c81d6cba1b0592d3d82d6ab9546commit | diff
mod_ssl: Check the SSLProtocol directive when loading the configuration

Previously, the SSLProtocol directive was checked at runtime. Apache quit if
the directive contained an invalid combination of protocols, and logged the
message "AH02231: No SSL protocols available [hint: SSLProtocol]".

With this change, most invalid SSLProtocol directives are detected when
checking the configuration, e.g. with \"httpd -t -f httpd.conf\".

Examples of invalid protocol combinations that are caught:
* SSLProtocol "-TLSv1"
* SSLProtocol "-all"
* SSLProtocol "TLSv1.2 -TLSv1.2"

Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Github: closes #523

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1924955 13f79535-47bb-0310-9956-ffa450edef68
changes-entries/ssl-check-protoconf.txt [new file with mode: 0644] blob
modules/ssl/ssl_engine_config.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git