httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: mod_tls
Date Thu, 23 Aug 2001 16:47:45 GMT
Ok.. So, what you mean is to have 2 modules - (1). mod_ssl to implement the
HTTPS stuff, and (2). mod_tls which does just the SSL filtering. That's
great !!.. 

So, in that case, is it worthwhile to rename mod_tls to something like
ssl_filter and mod_ssl to mod_https ?.. 


Thanks
-Madhu


-----Original Message-----
From: Ryan Bloom [mailto:rbb@covalent.net]
Sent: Thursday, August 23, 2001 9:37 AM
To: dev@httpd.apache.org; MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
Subject: Re: mod_tls



Because mod_ssl only implements the SSL wrapping for HTTP.  The idea is that
the filters go in mod_tls, and mod_ssl just has the logic to make the
filters work 
for HTTP.  That way, SSL can work with POP3, NNTP, and the proxy.

Ryan

On Thursday 23 August 2001 09:33, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
wrote:
> Why ?..I see mod_ssl as a superset of mod_tls.. Both mod_tls and mod_ssl
> are capable of SSL & TLS protocol comm., and they both use the same
utility
> (OpenSSL) for achieving it..
> (AFAIK, mod_ssl goes a step further by being compatible with SSL-C).
>
> The only reason why mod_tls has to be maintained (if at all) is because
> it's a lot simple to understand and easier to manipulate..
>
> Just my thoughts..
> -Madhu
>
> -----Original Message-----
> From: Ryan Bloom [mailto:rbb@covalent.net]
> Sent: Thursday, August 23, 2001 7:55 AM
> To: dev@httpd.apache.org; Greg Ames
> Subject: Re: mod_tls
>
>
>
> At some point, the mod_ssl filters should be removed from mod_ssl, and put
> into mod_tls.  That way, the same filters can be used for the proxy, and
> other
> protocols, without the mod_ssl wrapper stuff.
>
> Ryan
>
> On Thursday 23 August 2001 06:41, Greg Ames wrote:
> > Cliff Woolley wrote:
> > > I'm sure this has been discussed, but someone please remind me what
was
> > > decided.  Are we going to continue to maintain mod_tls?  I'm sure
there
> > > are some changes that have been made to mod_ssl that would need to be
> > > ported over to mod_tls if we are.
> >
> > <disclaimer: definately not an expert on this stuff>
> >
> > I believe mod_tls is a layer that isolates mod_ssl from the filter chain
> > in 2.0.  So we need both.  If someone wrote an alterative to mod_ssl,
> > presumably that would use mod_tls as well.
> >
> > Greg

-- 

______________________________________________________________
Ryan Bloom                        	rbb@apache.org
Covalent Technologies			rbb@covalent.net
--------------------------------------------------------------

Mime
View raw message