On Thu, 23 Aug 2001, Ryan Bloom wrote:
>
> Because mod_ssl only implements the SSL wrapping for HTTP. The idea is that
> the filters go in mod_tls, and mod_ssl just has the logic to make the filters work
> for HTTP. That way, SSL can work with POP3, NNTP, and the proxy.
i think mod_ssl should work with all protocols (it works with nntp right
now). mod_ssl provides features such as:
CRLs
session caching
per-location renegotation
SSLRequire
logging
var lookups
and so on that are not http specific.
there is a bit more effort to get a protocol module such as nntp working
both with and without ssl. for example with nntp when the first client
connects it does not send a request (like http clients do), but awaits a
200 - ready response. to work with ssl, an nntp protocol module needs to
first call get_brigade to trigger the initial ssl negotiation. but the
same issue is there with mod_tls. personally, i don't think its worth
the effort to maintain both mod_tls and mod_ssl. effort would be better
spent modularizing mod_ssl to support other protocols if needed.
