The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Sorry Guest, you are banned from posting and sending personal messages on this forum.
Error: S4296
This ban is not set to expire.
Pages: [1]   Go Down

Author Topic: OpenSSL 1.0.1 updates are here  (Read 2652 times)

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 849
OpenSSL 1.0.1 updates are here
« on: March 16, 2012, 01:21:14 AM »

OpenSSL 1.0.1 was released yesterday (US time) and we have updates here for both Apache 2.2.22 and 2.4.1.

The major change is for us is Support for TLS 1.1 & 1.2, so you can use an 256 bit cypher without the worry of the BEAST attack. I ran
Quays SSL Test against my server and both TLS 1.1 & 1.2 were listed as available, and my TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher showed up as well. BEAST attack : Not vulnerable. Now it's a matter of the browsers catching up, I still have RC4-SHA as the second cipher allowed since it is not vulnerable to the BEAST.

One thing is, we have had more downloads of Non-SNI builds of Apache 2.2.x than SNI enabled ones. It is that reason we continue to supply SNI disabled builds over some objections. I feel why throw out our golden goose. The problem is however, it is impossible at this time to disable SNI support in 1.0.1, I gave it a gallant try. If I use them fixing the minor problem building 1.0.0 with SNI disabled as an indicator, it will never happen in 1.0.1. So those of you that have not wanted, it's the new thing and you will be getting it. Just because it is there does not mean you have to use it.

Change Log
Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13