Hi, Short version: I am hoping to find out what the problems are with the trunk version of TLS/SNI, how they can be fixed, and what the chances are of a backport to 2.2.
Long version: The Mozilla project is very interested in the wide and easy use of SSL, and therefore the wide adoption of TLS/SNI, a TLS extension which permits multiple SSL sites on a single IP. The lack of need for a static IP, combined with very cheap certs, makes SSL accessible for almost everyone. Support for TLS/SNI has been in Firefox since version 2.0, and IE since version 7, and I believe is in all other major browsers. I believe IIS supports it also. As most of you will know, supporting it in Apache requires changes to OpenSSL (which we funded, and which went into version 0.9.8f) and to the httpd itself. These have now gone in to the trunk[0]. However, it's top of the "STALLED" list in the 2.2 STATUS file[1], with a note talking about "problems with the trunk version". I'm hoping to learn about what those problems are, what the prospects are for getting them resolved and then, assuming they are, what the prospects are for a backport. (Notes in that STATUS file suggest that a backport might not be appropriate even if the issues were fixed.) Many thanks to anyone who can shed some light :-) Gerv [0] http://svn.apache.org/viewvc?view=rev&revision=606190 [1] http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
