httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <>
Subject Re: mod_ssl and pkcs11
Date Thu, 28 Nov 2013 05:41:10 GMT
On 27.11.2013 15:33, Dr Stephen Henson wrote:
> On 27/11/2013 12:26, Nick Gearls wrote:
>> Maybe it's time to remove all redundant code in mod_ssl and use all features of
>> OpenSSL; PKCS#11 will then be automatically supported and the maintenance of
>> mod_ssl will be simplified a lot.
> PKCS#11 support isn't native in OpenSSL though some third party ENGINEs do
> include partial support.
> Completely transparent support is tricky (and in some cases impossible) due
> several factors including the way PKCS#11 handles fork().

Right, that's also the major topic which is elaborating on.

According to, some
fixes for
might make it into PKCS#11 v2.40.

Engine PKCS#11 ( hasn't seen
much activity since 2010, are you aware of alternatives?


View raw message