On Thu, Jan 22, 2009 at 04:09:25PM +1100, Gervase Markham wrote:
> Short version: I am hoping to find out what the problems are with the
> trunk version of TLS/SNI, how they can be fixed, and what the chances
> are of a backport to 2.2.

Making sure that mod_ssl's existing access control options work correctly in an SNI configuration is the critical item (and has proven to be non-trivial), otherwise it opens up security holes. Kaspar Brand did a bunch of great work on this last year; I have not had time to fully review and integrate that yet.

There is an outstanding patch from Kaspar which is not on the trunk yet; the thread below has the details:

http://thread.gmane.org/gmane.comp.apache.devel/34360/focus=34493

Regards, Joe