Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 5780 invoked from network); 27 Oct 2008 12:16:18 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Oct 2008 12:16:18 -0000 Received: (qmail 5507 invoked by uid 500); 27 Oct 2008 12:16:19 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 5434 invoked by uid 500); 27 Oct 2008 12:16:19 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 5425 invoked by uid 99); 27 Oct 2008 12:16:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Oct 2008 05:16:19 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of covener@gmail.com designates 66.249.92.168 as permitted sender) Received: from [66.249.92.168] (HELO ug-out-1314.google.com) (66.249.92.168) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Oct 2008 12:15:04 +0000 Received: by ug-out-1314.google.com with SMTP id c2so270242ugf.23 for ; Mon, 27 Oct 2008 05:15:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=RgkbxLo6o52Ydjex96RS/UtQqg4yoDODcS+2bUVIzdU=; b=wUFKT9Ge4gRNQK+QDoEAhmB2aNhrQ9qwF6E2hDVvtWNFmlFcdEEayv6YL3QG/K2hYz BCQ8CWKNYFdT5DiBpOFkh403/1Op6XJKI4siYQKLpBehIdCfqTAL/ZmQnwe32af5Wk1M cPF+X3CNO437MwuD3cpewczKMG0MgZiBAlZ2k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=YqIEX7eRlca7fUM3Q37W7e+Nwj9GEVR/oy7+VABInoqRzTR1ocNDbN+RN2xPyXqRYU zbTvFTA3JFIJaNHE64bjOXN/QL+ENNtHYRaQ21RDft5G72FGFrFZA3bdojqFbiV0hzXK nEykpLb7wnliRPb3mhqarRDWLHgyHGYxpIj0M= Received: by 10.67.15.15 with SMTP id s15mr2008602ugi.28.1225109742980; Mon, 27 Oct 2008 05:15:42 -0700 (PDT) Received: by 10.67.16.19 with HTTP; Mon, 27 Oct 2008 05:15:42 -0700 (PDT) Message-ID: <1404e5910810270515j5f99f201x61e90b04e5af7848@mail.gmail.com> Date: Mon, 27 Oct 2008 08:15:42 -0400 From: "Eric Covener" To: dev@httpd.apache.org Subject: Re: current status of TLS/SNI In-Reply-To: <4905A8B4.4040705@iang.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1224862561.92205.ezmlm@httpd.apache.org> <4905A8B4.4040705@iang.org> X-Virus-Checked: Checked by ClamAV on apache.org On Mon, Oct 27, 2008 at 7:40 AM, Ian G wrote: > >> Dr Stephen Henson wrote: > >> Ian G wrote: >>> But that it is now supported in OpenSSL (0.9.8 and beyond) ? >>> >> >> OpenSSL 0.9.9 (unreleased development version) has SNI support compiled >> in by default but that can be disabled. >> >> 0.9.8f and later do not have SNI by default but require the >> configuration option tlsext to be explicitly included. > > OK, I fixed it to reflect those points, and added some background > and explanation. > > http://en.wikipedia.org/wiki/Server_Name_Indication |No webserver is released with support for TLS/SNI, but Apache can be patched, see below. | |[edit] Servers | | * Apache with experimental mod_gnutls | * Cherokee if compiled with TLS support | * New versions of lighttpd 1.4.x and 1.5.x [5] | * Nginx with an accompanying OpenSSL built with SNI support | |[edit] huh? -- Eric Covener covener@gmail.com