continuing ... 2017-12-04 9:21 GMT+01:00 Lukas Tribus <[email protected]>: > More specifically this requires SSL renegotiation, which has been > removed in TLSv1.3 to further simplify things, so even Apache won't be > able to do this once you upgrade to TLSv1.3. > > So really this should not be used ...
... otherwise you'd box yourself in a corner with Apache and TLSv1.2. Use a dedicated subdomain/certificate/bind configuration to avoid needless browser dialogs with "verify optional". That's the only portable and future proof way. Lukas
