Joe Orton wrote:
Making sure that mod_ssl's existing access control options work
correctly in an SNI configuration is the critical item (and has proven
to be non-trivial), otherwise it opens up security holes.
Kaspar Brand did a bunch of great work on this last year; I have not had
time to f
On Thu, Jan 22, 2009 at 04:09:25PM +1100, Gervase Markham wrote:
> Short version: I am hoping to find out what the problems are with the
> trunk version of TLS/SNI, how they can be fixed, and what the chances
> are of a backport to 2.2.
Making sure that mod_ssl's existing access control options wo
On 01/22/2009 12:32 PM, Graham Leggett wrote:
> Gervase Markham wrote:
>
>> Short version: I am hoping to find out what the problems are with the
>> trunk version of TLS/SNI, how they can be fixed, and what the chances
>> are of a backport to 2.2.
>
> According to STATUS:
>
> +1: fuankg
Gervase Markham wrote:
Peter Sylvester wrote:
As most of you will know, supporting it in Apache requires changes to
OpenSSL (which we funded, and which went into version 0.9.8f) and to the
httpd itself.
I am certainly not one of those "most".
I apologise for the ambiguity; I
Gervase Markham wrote:
Short version: I am hoping to find out what the problems are with the
trunk version of TLS/SNI, how they can be fixed, and what the chances
are of a backport to 2.2.
According to STATUS:
+1: fuankg
+0: like ssl upgrade of 2.2, perhaps this is a good reason t
Peter Sylvester wrote:
>> As most of you will know, supporting it in Apache requires changes to
>> OpenSSL (which we funded, and which went into version 0.9.8f) and to the
>> httpd itself.
> I am certainly not one of those "most".
I apologise for the ambiguity; I meant to say that most of you w
Gervase Markham wrote:
As most of you will know, supporting it in Apache requires changes to
OpenSSL (which we funded, and which went into version 0.9.8f) and to the
httpd itself.
I am certainly not one of those "most". I am not aware about
external funding for the pieces mentioned in the
CHA
Hi,
Short version: I am hoping to find out what the problems are with the
trunk version of TLS/SNI, how they can be fixed, and what the chances
are of a backport to 2.2.
Long version:
The Mozilla project is very interested in the wide and easy use of SSL,
and therefore the wide adoption of TLS/S