Things for consideration: 1. "SSLOptions StdEnvVars" sets a range of variables unrelated to SSL. I think these should be provided by the server. 2. "SSLRequireSSL" is internally implemented on the deprecated "SSLRequire". Should we at least recommend in the documentation which "Require" configuration one should use instead? I think it is "Require ssl"? 3. If it is "Require ssl", this needs a authn provider "ssl" registered and there can only be one (I assume?). Should core override that and base its result on the new ap_ssl_conn_is_ssl(c) function?
- Stefan
