294 *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
295 behavioural changes compared to v1.2 and earlier; client and
296 configuration changes should be expected. SSLCipherSuite is
297 enhanced for TLSv1.3 ciphers, but applies at vhost level only.
298 [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
=> branch https://github.com/apache/httpd/commits/tlsv1.3-for-2.4.x
I'm not sure on this one ...
It won't be easy and the fallout might be high.
It almost seems safer to consider MREing something >=2.4.36 completely.
But all of that is up to the security Teams guidance anyway.
Waiting on them to comment.
While in many projects it is just a rebuild, here it is quite some code.
From changes in 2.4.36: per-dir client /github. com/apache/ httpd/commit/ 84edf5f49db23ce d03259812bbf942 6685f7d82a
106 *) SECURITY: CVE-2019-0215 (cve.mitre.org)
107 mod_ssl: Fix access control bypass for per-location/
108 certificate verification in TLSv1.3.
=> commit https:/
294 *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has /github. com/apache/ httpd/commits/ tlsv1.3- for-2.4. x
295 behavioural changes compared to v1.2 and earlier; client and
296 configuration changes should be expected. SSLCipherSuite is
297 enhanced for TLSv1.3 ciphers, but applies at vhost level only.
298 [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
=> branch https:/
I'm not sure on this one ...
It won't be easy and the fallout might be high.
It almost seems safer to consider MREing something >=2.4.36 completely.
But all of that is up to the security Teams guidance anyway.
Waiting on them to comment.