httpd-dev mailing list archives

From Doug MacEachern <do...@covalent.net>
Subject Re: mod_tls
Date Tue, 28 Aug 2001 06:03:40 GMT

On Thu, 23 Aug 2001, Ryan Bloom wrote:

> 
> Because mod_ssl only implements the SSL wrapping for HTTP.  The idea is that
> the filters go in mod_tls, and mod_ssl just has the logic to make the filters work 
> for HTTP.  That way, SSL can work with POP3, NNTP, and the proxy.

i think mod_ssl should work with all protocols (it works with nntp right
now).  mod_ssl provides features such as:
CRLs
session caching
per-location renegotiation
SSLRequire
logging
var lookups
and so on that are not http specific. 

there is a bit more effort to get a protocol module such as nntp working
both with and without ssl.  for example with nntp when the first client
connects it does not send a request (like http clients do), but awaits a
200 - ready response.  to work with ssl, an nntp protocol module needs to
first call get_brigade to trigger the initial ssl negotiation.  but the
same issue is there with mod_tls.  personally, i don't think it's worth
the effort to maintain both mod_tls and mod_ssl.  effort would be better
spent modularizing mod_ssl to support other protocols if needed.

