Apache and TLS renegocitation

To: pkgsrc-users%netbsd.org@localhost
Subject: Apache and TLS renegocitation
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Tue, 21 Jun 2011 08:06:38 +0200

Hello everybody

It seems difficult to re-enable TLS renegociation with Apache. As I
understand, I need:

1) a fixed OpenSSL. 
NetBSD-SA2010-002 says netbsd-5 and netbsd-5-0 were fixed on 2010-01-12,
and 5.0.2 and 5.1 were released later, so theses to releases should be
alright.

2) a fixed apache that supports RFC 5746. According to this document,
2.2.15 seems to support RFC 5746
http://www.apachehaus.com/index.php?option=com_content&view=article&id=8
5&Itemid=88

Therefore an apache >= 2.2.15 from pkgsrc on NetBSD 5.1 or NetBSD 5.0.2
should have TLS renegociation working. But Qualys' SSL Labs test
(https://www.ssllabs.com/ssldb/index.html ) says my system does not:
Session resumption      No (IDs empty)
Renegotiation   Not supported (requires further action) 

Anyone has hints on how to re-enable that?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: Apache and TLS renegocitation
  - From: David Magda

Prev by Date: Re: bmake; no system rules (sys.mk) - Bootstraping
Next by Date: Industrial catalog 21.5.2011
Previous by Thread: bmake; no system rules (sys.mk) - Bootstraping
Next by Thread: Re: Apache and TLS renegocitation
Indexes:

Home | Main Index | Thread Index | Old Index