httpd-dev mailing list archives

From Ryan Bloom <...@covalent.net>
Subject Re: mod_tls
Date Tue, 28 Aug 2001 06:58:13 GMT
On Monday 27 August 2001 23:03, Doug MacEachern wrote:
> On Thu, 23 Aug 2001, Ryan Bloom wrote:
> > Because mod_ssl only implements the SSL wrapping for HTTP.  The idea is
> > that the filters go in mod_tls, and mod_ssl just has the logic to make
> > the filters work for HTTP.  That way, SSL can work with POP3, NNTP, and
> > the proxy.
>
> i think mod_ssl should work with all protocols (it works with nntp right
> now).  mod_ssl provides features such as:
> CRLs
> session caching
> per-location renegotiation
> SSLRequire
> logging
> var lookups
> and so on that are not http specific.
>
> there is a bit more effort to get a protocol module such as nntp working
> both with and without ssl.  for example with nntp when the first client
> connects it does not send a request (like http clients do), but awaits a
> 200 - ready response.  to work with ssl, an nntp protocol module needs to
> first call get_brigade to trigger the initial ssl negotiation.  but the
> same issue is there with mod_tls.   personally, i don't think it's worth
> the effort to maintain both mod_tls and mod_ssl.  effort would be better
> spent modularizing mod_ssl to support other protocols if needed.

Cool, if this works, then we should just ditch mod_tls.

Ryan

______________________________________________________________
Ryan Bloom                        	rbb@apache.org
Covalent Technologies			rbb@covalent.net
--------------------------------------------------------------
