The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1] 2 3 ... 10
 1 
 on: December 11, 2018, 04:51:20 AM 
Started by Gregg - Last post by Gregg
It's been a long time since 2.9.2 came out and I was beginning to wonder about this module.

Changes in version 2.9.3;

 * Allow 0 length JSON requests.
 * Include unanmed JSON values in unnamed ARGS
 * Fix buffer size for utf8toUnicode transformation
 * Fix sanitizing JSON request bodies in native audit log format
 * Add sanity check for a couple malloc() and make code more resilient
 * Fix mpm-itk / mod_ruid2 compatibility
 * Code cosmetics: checks if actionset is not null before use it
 * Only generate SecHashKey when SecHashEngine is On
 * Docs: Reformat README to Markdown and update dependencies
 * good practices: Initialize variables before use it
 * Let body parsers observe SecRequestBodyNoFilesLimit
 * potential off by one in parse_arguments
 * Fix utf-8 character encoding conversion
 * Fix ip tree lookup on netmask content
 * modsecurity.conf-recommended: Fix spelling
 * Fix arabic charset in unicode_mapping file
 * Optionally preallocates memory when SecStreamInBodyInspection is on
 * Fixes SecConnWriteStateLimit
 * Added "empy chunk" check
 * Add capture action to @detectXSS operator
 * Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH
 * Adds missing headers


You can get your copy of the new module from our download page.

 2 
 on: November 26, 2018, 09:27:18 AM 
Started by Gregg - Last post by mario
Thanks!

 3 
 on: November 26, 2018, 06:53:03 AM 
Started by Gregg - Last post by Gregg
OpenSSL updated to 1.0.2q, 1.1.0j or 1.1.1a
This OpenSSL update covers 3 low severity vulnerabilities.

Brotli updated to 1.0.7
NGHTTP2 updated to 1.35.0
SQLite updated to 3.25.3

You can get your copy of the new Apache HTTP Server from our download page.

 4 
 on: October 23, 2018, 09:00:24 AM 
Started by Gregg - Last post by mario
I did, cause I tried on my test server and is refused to start with the dashed names. Even though httpd -S showed not error.

 5 
 on: October 23, 2018, 03:34:47 AM 
Started by Gregg - Last post by Gregg
Nope, a copy & paste overlook error.  Got 3, missed one. Oh well, fixed now.

 6 
 on: October 23, 2018, 02:50:46 AM 
Started by Gregg - Last post by Gregg
Who knows? However because they're not compatible w/ tls < 1.3 it seems a good guess at least. Funny I never noticed it.

 7 
 on: October 22, 2018, 10:18:51 PM 
Started by Gregg - Last post by mario
Indded, it is different.. I wonder why. O_o

 8 
 on: October 22, 2018, 09:54:21 PM 
Started by Gregg - Last post by mario
I wonder why the TLS 1.3 cipher names are with underscore while the other are not?

Shouldn't it be like SSLCipherSuite TLSv1.3 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384 ??

 9 
 on: October 22, 2018, 09:44:34 PM 
Started by Gregg - Last post by mario
.35 again :D I guess it is a typo of copy and paste.

 10 
 on: October 22, 2018, 08:08:37 PM 
Started by Gregg - Last post by Gregg
If your new to Apache no problem as our OpenSSL 1.1.1 downloads are pre-configured to run Apache capable of handling TLS/1.3 connections.

For those upgrading and will be wanting to keep their current configuration files here's some things you need to know.

1. Apache will run without touching your config but will not connect in TLS/1.3.
2. At minimum you will have to add +TLSv1.3 to your SSLProtocol line because at this point, TLS/1.3 is technically experimental.
3. TLS/1.3 ciphers are not compatible with TLS/1.2 and below so we now have two (2) SSLCipherSuite lines to use;

Code: [Select]
    SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!RC4:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
    SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
4. #3 is still optional, if you just leave your SSLCipherSuite, Apache will use OpenSSL's defaults. This however might affect your current cipher order in TLS <= 1.0.2. I forget because I tested this back in August and think I remember this happening. I put chacha ciphers up front and I was seeing ECDHE-RSA-AES256-GCM-SHA384 in the browser.


Compatible Browsers:

Chrome 70
Firefox 63 (due out soon) and  Firefox Nightly.

Pages: [1] 2 3 ... 10