httpd-dev mailing list archives

From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: mod_tls
Date Wed, 29 Aug 2001 02:38:51 GMT
'not sure what you mean by "entire filter scheme" - if you're referring to
the proposal to separate the HTTPS and the SSL filter logic - I'd rather
prefer to leave SSL as it is (especially if it works with other protocol
modules).. 

Thanks
-Madhu 

-----Original Message-----
From: Gonyou, Austin [mailto:austin@coremetrics.com]
Sent: Tuesday, August 28, 2001 1:08 PM
To: 'dev@httpd.apache.org'
Subject: RE: mod_tls


Kewl. Less maintenance all around. Is the entire filter scheme doomed like
this though?

-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-796-9023
email: austin@coremetrics.com 

> -----Original Message-----
> From: Ryan Bloom [mailto:rbb@covalent.net]
> Sent: Tuesday, August 28, 2001 1:58 AM
> To: dev@httpd.apache.org; Doug MacEachern
> Cc: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
> Subject: Re: mod_tls
> 
> 
> On Monday 27 August 2001 23:03, Doug MacEachern wrote:
> > On Thu, 23 Aug 2001, Ryan Bloom wrote:
> > > > Because mod_ssl only implements the SSL wrapping for HTTP.  The idea is
> > > > that the filters go in mod_tls, and mod_ssl just has the logic to make
> > > > the filters work for HTTP.  That way, SSL can work with POP3, NNTP, and
> > > > the proxy.
> >
> > > i think mod_ssl should work with all protocols (it works with nntp right
> > > now).  mod_ssl provides features such as:
> > > CRLs
> > > session caching
> > > per-location renegotiation
> > > SSLRequire
> > > logging
> > > var lookups
> > > and so on that are not http specific.
> >
> > > there is a bit more effort to get a protocol module such as nntp working
> > > both with and without ssl.  for example with nntp when the first client
> > > connects it does not send a request (like http clients do), but awaits a
> > > 200 - ready response.  to work with ssl, an nntp protocol module needs to
> > > first call get_brigade to trigger the initial ssl negotiation.  but the
> > > same issue is there with mod_tls.   personally, i don't think it's worth
> > > the effort to maintain both mod_tls and mod_ssl.  effort would be better
> > > spent modularizing mod_ssl to support other protocols if needed.
> 
> Cool, if this works, then we should just ditch mod_tls.
> 
> Ryan
> 
> ______________________________________________________________
> Ryan Bloom                        	rbb@apache.org
> Covalent Technologies			rbb@covalent.net
> --------------------------------------------------------------
> 
