2817-style upgrades were added to mod_ssl I think purely as a
well-intentioned (but perhaps naive) attempt to solve the SSL vs
name-based virtual hosting problem, which is something we see Apache
users ask for, and get confused by, almost daily. I agree it is
basically useless: you didn't
Rich Megginson wrote:
Nelson B. Bolyard wrote:
One more thing: http upgrade is EVIL. :-/
Why? And does that apply to LDAP upgrade as well? Because the
recommended way to use TLS with LDAP is to use the startTLS extended
operation on the unsecure port to upgrade the connection to TLS.
The goal of this topic to get a wide range of opinions about the
current status/problems of SSL/TLS upgrades. I saw an old, very
long discussion about TLS upgrades as specified by the much disliked
RFC2817 :) I have been meaning to post something here to see if
the same arguments and concerns
3 matches
Mail list logo
