Ralf S. Engelschall wrote:
> Don't look at Microsoft papers when you want to understand anything, please.
> Instead look inside the SSLv3 spec or the TLSv1 RFC. Yes, the stuff is called
> renegotation of parameters and is nothing more than a new SSL handshake, of
> course. The interesting point is just that an SSL handshake can occur at any
> time and not only at startup of a new connection ;-)
>
I've some experience with another web server and IE clients. IE seems to
renegotiate
very often which is, maybe good when looking at security, but performance suffers
and if you plan to use the SSL session id for logging or just tracking sessions,
you can
just forget it... ;-(
A couple of weeks ago I managed to tag my CA certificate according to your
instructions in the README.GlobalID document - which is really a very good
and well written document! But it didn't work when I put the pieces together using
Apache/1.3.4 and mod_ssl/2.1.8. It went quite fast and I should try it again this
easter, but do you (or any one else) have any other tips/experiences which isn't
mentioned in the documents?
--Patrik
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
