On Monday 27 August 2001 23:03, Doug MacEachern wrote:
> On Thu, 23 Aug 2001, Ryan Bloom wrote:
> > Because mod_ssl only implements the SSL wrapping for HTTP. The idea is
> > that the filters go in mod_tls, and mod_ssl just has the logic to make
> > the filters work for HTTP. That way, SSL can work with POP3, NNTP, and
> > the proxy.
>
> i think mod_ssl should work with all protocols (it works with nntp right
> now). mod_ssl provides features such as:
> CRLs
> session caching
> per-location renegotation
> SSLRequire
> logging
> var lookups
> and so on that are not http specific.
>
> there is a bit more effort to get a protocol module such as nntp working
> both with and without ssl. for example with nntp when the first client
> connects it does not send a request (like http clients do), but awaits a
> 200 - ready response. to work with ssl, an nntp protocol module needs to
> first call get_brigade to trigger the initial ssl negotiation. but the
> same issue is there with mod_tls. personally, i don't think its worth
> the effort to maintain both mod_tls and mod_ssl. effort would be better
> spent modularizing mod_ssl to support other protocols if needed.
Cool, if this works, then we should just ditch mod_tls.
Ryan
______________________________________________________________
Ryan Bloom [EMAIL PROTECTED]
Covalent Technologies [EMAIL PROTECTED]
--------------------------------------------------------------
