63066 – Add support for ACME TLS-ALPN Challenges

Bug 63066 - Add support for ACME TLS-ALPN Challenges

Summary: Add support for ACME TLS-ALPN Challenges

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_http2 (show other bugs)
Version:	2.4.37
Hardware:	PC All

Importance:	P2 enhancement (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-01-07 17:25 UTC by quanah.gibsonmount
Modified:	2019-03-19 10:12 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description quanah.gibsonmount 2019-01-07 17:25:29 UTC

The mod_md work to support TLS-SNI challenges is no longer useful with Let's Encrypt as that method has been deprecated due to security issues.

The replacement is Acme's TLS-ALPN challenge as described in https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05

It would be very helpful for Apache HTTPD to support this new challenge type.

Comment 1 Stefan Eissing 2019-01-15 09:34:54 UTC

Totally agree. Note however that his necessitates the support for ACMEv2 where current mod_md only runs against a ACMEv1 endpoint.

Comment 2 Stefan Eissing 2019-03-19 10:12:01 UTC

A very early experience version can be found at the github repository: https://github.com/icing/mod_md

Always looking for testers and feedback.