Description of problem:
Previous httpd version accepted requests with only FL on the end of the lines, not mentioned in specification. The current version is now following the specification too tight. The response is now Bad Request, unlike accepted.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. create request containing "\n" not "\r\n" as end line mark.
2. send the request to the httpd
Server is responding:
HTTP/1.1 400 Bad Request
Connection passing. Server response is sane...
Mentioned behaviour is a regression in behaviour. We assume that keeping the specification too tight now will generate too much problems to the customers.
Being relaxed in what is accepted here is a vulnerability, CVE-2016-8743, and hence that is being changed by default.
has been added, which can be used to restore the old behaviour.
Explanation is sufficient.