httpd-dev mailing list archives

From Ruediger Pluem
Subject Re: TLS/SNI status
Date Thu, 22 Jan 2009 21:03:55 GMT

On 01/22/2009 12:32 PM, Graham Leggett wrote:
> Gervase Markham wrote:
>> Short version: I am hoping to find out what the problems are with the
>> trunk version of TLS/SNI, how they can be fixed, and what the chances
>> are of a backport to 2.2.
> According to STATUS:
>       +1: fuankg
>       +0: like ssl upgrade of 2.2, perhaps this is a good reason to bring
>           httpd-2.4 to completion?  vhost changes could be disruptive to
>           third party module authors.
>       -1: rpluem: jorton found some problems with the trunk version and they
>                   should be fixed / discussed in trunk before we backport.
>           pquerna: Until issues for this feature are fixed in trunk, we can not
>                    backport it.
> Can the various people above clarify exactly which issues are
> outstanding for the above?
> Searching for jorton and SNI finds a whole lot of development
> discussion, but no concise description of issues outstanding.

IMHO Joe had security concerns that different security sensitive SSL configurations on
different name based virtual hosts do not work as expected and the configuration of the
default host might apply. If the default host has less strict configuration settings
this can open up unexpected security issues.
But yes, I would love to see a list of the outstanding issues as well so that we can work
on it.
Currently SNI is on the top of my list for the upcoming Hackathon at AC EU. I hope to get
hold of Joe there :-).


