List: apache-httpd-bugs
Subject: [Bug 63368] TLS1.3 Client verification failures
From: bugzilla () apache ! org
Date: 2019-04-23 11:49:15
Message-ID: bug-63368-7868-YVYMlq3DrW () https ! bz ! apache ! org/bugzilla/
https://bz.apache.org/bugzilla/show_bug.cgi?id=63368
Joe Orton <jorton@redhat.com> changed:
          What|Removed                     |Added
----------------------------------------------------------------------------
        Status|NEW                         |RESOLVED
    Resolution|---                         |DUPLICATE

--- Comment #1 from Joe Orton <jorton@redhat.com> ---
If browser vendors are choosing not to make this work by default for HTTP/1.1
as it did for TLS/1.2 that is out of our hands, but I don't think it implies we
need to deprecate the functionality in mod_ssl.

I agree it is a functional regression which will likely impede adoption of
TLS/1.3, and I'm not aware of any workaround other than using a separate vhost
for client-cert-auth-protected resources.

There is an effort to replace PHA at the application layer in HTTP/2 which makes
sense technically in the long term. But that will require time and effort to
implement, assuming it makes it through standardization, and won't benefit
HTTP/1.1 users. I assume it will require support from OpenSSL as well -
https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-03

*** This bug has been marked as a duplicate of bug 62975 ***
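
An added example, not part of the bug report or of mod_ssl: a small Python check that scans an httpd configuration for `SSLVerifyClient` set inside a per-directory section, the placement that makes the server ask for the client certificate after the handshake, and that passes the separate-vhost layout mentioned in the comment. The sample configuration, host names, paths and the function name are constructed for illustration; the check is conservative and does not compare against the vhost-level setting.

```python
import re

# Constructed sample; host names and paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    <Location "/secure">
        SSLVerifyClient require
    </Location>
</VirtualHost>
# Workaround layout: client auth decided for the whole vhost, during the handshake.
<VirtualHost *:443>
    ServerName certauth.example.test
    SSLEngine on
    SSLCACertificateFile "/path/to/client-ca.pem"
    SSLVerifyClient require
</VirtualHost>
"""

# Container sections whose directives apply per directory, i.e. after the request is read.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\b([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
VERIFY = re.compile(r"SSLVerifyClient\s+(\S+)", re.I)

def find_post_handshake_client_auth(conf):
    """Return (line_no, section, level) for every SSLVerifyClient other than
    'none' that sits inside a per-directory section."""
    stack, findings = [], []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        m = VERIFY.match(line)
        if m and m.group(1).lower() != "none":
            inner = [s for s in stack if s[0] in PER_DIR]
            if inner:  # innermost per-directory section is the one reported
                findings.append((no, "%s %s" % inner[-1], m.group(1).lower()))
    return findings
```

Calling `find_post_handshake_client_auth(SAMPLE_CONF)` reports only the `<Location "/secure">` block of the first vhost; the second vhost, which sets the directive at vhost level, is not flagged.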