osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLSv1.3 supprt for 2.4.x?


On Tue, Sep 18, 2018 at 4:08 PM Joe Orton <jorton@xxxxxxxxxx> wrote:
>
> As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging...

Thanks Joe for the hard work!

>
> A BIG caveat remains around Post-Handshake Auth.  With the current Perl
> stack (including whatever adjustments for OpenSSL 1.1.1 already
> required) the failures I get with the test suite and that branch are
> significant, because PHA is NOT enabled by default client-side and a
> bunch of the tests rely on that.

Does it work for mod_proxy auth with a httpd backend, both in TLS 1.3?
I wonder because PHA isn't enabled on mod_proxy either, IIUC.
Will test but possibly you did it already.

>
> I don't understand the logic behind disabling PHA by default, and I
> think it's a serious error, but I am not optimistic that the decision
> will be reversed.

It's completely incomprehensible I guess...

Regards,
Yann.