osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLSv1.3 supprt for 2.4.x?


With the recent release of openssl 1.1.1 back on Sept 11 that supports TLS
1.3 final RFC 8446, I believe demand for this backport will steadily
increase. Thank you Stephan for proposing this backport branch.

FreeBSD 11.2-RELEASE-p3
Apache/2.4.35-dev (Unix) 
OpenSSL/1.1.1

I've compiled and am running this branch and hosting a web site successfully
providing TLSv1.3 (rfc8446)
I can negotiate a TLS 1.3 connection from another openssl 1.1.1 client. I am
also successful connecting with Firefox Nightly 64.0a1. Support for RFC 8446
was added in version 63 which is expected to ship October 2018.

There is one error that I receive during initial 'make' if the package
converters/libiconv is installed on the system:


Temporarily uninstalling libiconv allows 'make' to finish.
However libiconv must be reinstalled prior to 'make install' to avoid
another error:


rsync is the only pkg that depends on libiconv so i'm not sure why it would
interfere in the make process.

After successfully compiling and installing this branch, httpd appears to
have the backported features working.
Thank you everyone for all your efforts in bringing this backport proposal
forward.

Cheers,

Dennis



--
Sent from: http://apache-http-server.18135.x6.nabble.com/Apache-HTTP-Server-Dev-f4771363.html