Bug 55467

Summary: Support for OpenSSL custom TLS extensions and supplemental data
Product: Apache httpd-2
Reporter: Scott Deboy <sdeboy>
Component: mod_ssl
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---
Severity: normal
Keywords: PatchAvailable
Priority: P2    
Version: 2.4.4   
Target Milestone: ---   
Hardware: PC   
OS: Mac OS X 10.4   
Attachments: Aug 21 version of the patch against 2.4.x branch

Description Scott Deboy 2013-08-21 21:18:36 UTC
Created attachment 30747
Aug 21 version of the patch against 2.4.x branch

New APIs have been added to OpenSSL to support send/receive of custom TLS extensions as well as TLS supplemental data.  The attached patch adds optional functions and optional hooks to mod_ssl which exposes these APIs for use in other modules.

The patch also provides an optional hook supporting notification of handshake completion.  Returning OK from this hook will result in renegotiation.  Returning DECLINED will not result in renegotiation.  An optional function is also provided which allows modules to initiate renegotiation as needed.

The patch is created against the 2.4.x GitHub repository.

git hash 1f88c41c1eacd0a24ecd642f20050ed5cc2ac170
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1516
Comment 1 Scott Deboy 2013-08-21 21:22:46 UTC
The custom TLS extension API is available in the OpenSSL master git branch.  The supplemental data API is being reviewed by Ben Laurie for inclusion in OpenSSL and mirrors the TLS extension API.
Comment 2 Scott Deboy 2014-02-06 21:57:49 UTC
The support for the TLS supplemental data message has been added to OpenSSL master branch.  Please let me know if there is anything I can do to get this contribution included.
Comment 3 Scott Deboy 2014-02-18 20:56:36 UTC
Support for TLS hello extensions and TLS supplemental data is now also available in the OpenSSL 1.0.2 stable branch.