pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Apache and TLS renegocitation

Hello everybody

It seems difficult to re-enable TLS renegociation with Apache. As I
understand, I need:

1) a fixed OpenSSL. 
NetBSD-SA2010-002 says netbsd-5 and netbsd-5-0 were fixed on 2010-01-12,
and 5.0.2 and 5.1 were released later, so theses to releases should be

2) a fixed apache that supports RFC 5746. According to this document,
2.2.15 seems to support RFC 5746

Therefore an apache >= 2.2.15 from pkgsrc on NetBSD 5.1 or NetBSD 5.0.2
should have TLS renegociation working. But Qualys' SSL Labs test
( ) says my system does not:
Session resumption      No (IDs empty)
Renegotiation   Not supported (requires further action) 

Anyone has hints on how to re-enable that?

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index