[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NOTICE: Intent to T&R 2.4.35 in the next few hours

On Wed, Sep 19, 2018 at 6:56 AM Joe Orton <jorton@xxxxxxxxxx> wrote:
On Wed, Sep 19, 2018 at 01:19:29PM +0200, Apache Lounge wrote:
> Are there  examples what (maybe) does not work with OpenSSL 1.1.1 ?

Have you run the test suite? The flipped setting of SSL_MODE_AUTO_RETRY
is expected to break TLSv1.2 as well, that problem is consistent with
the hangs Daniel reported here.

Note this applies specifically to the timing and scope of httpd auth under TLS.
> openssl.org says that the new 1.1.1 is binary and API/ABI compatible with
> OpenSSL 1.1.0.

For some apps that might be true, I think it's a bit of a stretch, but
it's not really worth arguing about.

And note that 1.1.1a may address some deficiencies in 1.1.1 release
w.r.t. compatibility. Although this specific one was asked-and-answered,
with enough pushback from various projects, such defaults (at least for the
behavior of TLS 1.2) may be reconsidered.

+1 on the proposed statement.