FYI: mod_ssl 2.2 dev-cycle started

Wed, 27 Jan 1999 08:00:49 -0500 


For your information: I'm today officially entered the mod_ssl 2.2 development
cycle, because the changes I've already prepared for 2.2 over the last two
months now need a real-life test-bed. Instead of providing beta-releases as
for 2.1 in the past, this time I will use a different approach:

I'll start directly with mod_ssl 2.2.0, which will already include a few more
stable features since 2.1.8 (mainly SSLRandomSeed, --enable-rule=SSL_SDBM,
etc.), but will be mostly the same as 2.1.8. So there will be no heavy upgrade
for mod_ssl 2.2 for you, because the transition will be done smoothly. How?
All still not to be proofed stable features will be encapsulated in
SSL_EXPERIMENTAL #defines and are per default _disabled_ for 2.2.X unless
they proofed to be stable. When you want to use/test them all you need is
to built mod_ssl 2.2 with --enable-rule=SSL_EXPERIMENTAL.

This way I think I can serve all needs at once with a single mod_ssl version: 

 1. production machines can run a stable mod_ssl per default
 2. development machines can be run with new features on-demand
 3. I don't have to maintain two branches myself

I hope this decision is appreciated by you.

Now to the technical plans for mod_ssl 2.2: This version will bring a few new
nifty features over the time. The most important ones I quickly summarize for
you:

 1. per-directory renegotation of SSL protocol ingredients
 2. explicit seeding for the PRNG: from internal, from file, from program
 3. Diffie-Hellman/DSA support in addition to RSA
 4. shared memory pools => full HTML status pages, in-core session cache
 5. virtual host configuration reduction via SSLListen 

Mostly 95% of this functionality is already implemented for 2.2, but some of
them (e.g. the DH/DSA and SHM stuff) needs more tweaking to be fully
functional.

Please drop me a short note whether this approach for mod_ssl 2.2 actually
serves your needs or is against your wishes.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to