tatsuhiro-t
commented
11 years ago Thank you. Merged and pushed just now.
Closed moparisthebest closed 11 years ago
tatsuhiro-t
commented
11 years ago Thank you. Merged and pushed just now.
moparisthebest
commented
11 years ago Oops, sorry, I didn't mean to sneak that drop privileges commit in there on you, I was going to put in a separate pull request for that, I hope you saw and approved of it too. :/
tatsuhiro-t
commented
11 years ago No problem. I reviewed all of the diffs and approved them.
This patch basically includes functionality Apache and lighttpd have, mainly to mitigate BEAST attacks.
Here is a link to the patch for lighttpd that was accepted a year ago:
http://redmine.lighttpd.net/issues/2364
The way I tested this was using shrpx as a reverse proxy for lighttpd, and using https://www.ssllabs.com/ssltest/index.html to test whether it worked or not.