httpd-dev mailing list archives

From Gervase Markham
Subject TLS/SNI status
Date Thu, 22 Jan 2009 05:09:25 GMT

Short version: I am hoping to find out what the problems are with the
trunk version of TLS/SNI, how they can be fixed, and what the chances
are of a backport to 2.2.

Long version:

The Mozilla project is very interested in the wide and easy use of SSL,
and therefore the wide adoption of TLS/SNI, a TLS extension which
permits multiple SSL sites on a single IP. The lack of need for a static
IP, combined with very cheap certs, makes SSL accessible for almost
everyone. Support for TLS/SNI has been in Firefox since version 2.0, and
IE since version 7, and I believe is in all other major browsers. I
believe IIS supports it also.

As most of you will know, supporting it in Apache requires changes to
OpenSSL (which we funded, and which went into version 0.9.8f) and to the
httpd itself. These have now gone in to the trunk[0]. However, it's top
of the "STALLED" list in the 2.2 STATUS file[1], with a note talking
about "problems with the trunk version".

I'm hoping to learn about what those problems are, what the prospects
are for getting them resolved and then, assuming they are, what the
prospects are for a backport. (Notes in that STATUS file suggest that a
backport might not be appropriate even if the issues were fixed.)

Many thanks to anyone who can shed some light :-)


