On 01/22/2009 12:32 PM, Graham Leggett wrote:
> Gervase Markham wrote:
>
>> Short version: I am hoping to find out what the problems are with the
>> trunk version of TLS/SNI, how they can be fixed, and what the chances
>> are of a backport to 2.2.
>
> According to STATUS:
>
> +1: fuankg
> +0: like ssl upgrade of 2.2, perhaps this is a good reason to bring
>     httpd-2.4 to completion? vhost changes could be disruptive to
>     third party module authors.
> -1: rpluem: jorton found some problems with the trunk version and they
>     should be fixed / discussed in trunk before we backport.
>     pquerna: Until issues for this feature are fixed in trunk, we can not
>     backport it.
>
> Can the various people above clarify exactly which issues are
> outstanding for the above?
>
> Searching for jorton and SNI finds a whole lot of development
> discussion, but no concise description of issues outstanding.

IMHO Joe had security concerns that different security sensitive SSL configurations on different name based virtual hosts do not work as expected and the configuration of the default host might apply. If the default host has less strict configuration settings this can open up unexpected security issues.

But yes, I would love to see a list of the outstanding issues as well so that we can work on it. Currently SNI is on the top of my list for the upcoming Hackathon at AC EU. I hope to get hold of Joe there :-).

Regards

Rüdiger