implementing SNI
- From: freebsd@xxxxxxxxxx
- Date: Tue, 24 Aug 2010 12:57:07 -0700
Hello out there,
Implementing the SNI extension, to permit encrypted virtual web domain service, seems to be spreading.
I hope I'm not too far OT in asking this list for advice on making this transition on FreeBSD.
The first server to be migrated is currently running:
7.1-RELEASE-p13 with the base openssl 0.9.8.e and apache 2.2.13
Several options seem to be available:
1) upgrade the openssl in the existing 7.1 release
2) migrate to gnuTLS in the existing 7.1 release
3) upgrade freebsd to 8.1 with openssl 0.9.8n
I'm pre-inclined towards upgrading the OS to 8.1. The primary concerns I've considered revolve around moving the installed ports through this upgrade with minimal downtime.
Could anyone please offer advice on the openssl upgrade issues involved in such a migration?
In addition to apache, this server is a pretty loaded toaster, also hosting DNS with bind9, virtual mail domains with postfix, courier-imap/authlib, and mysql, and shell accounts via openssh.
A simpler question that I've been unable to resolve: Does the openssl of 8.1-RELEASE enable the TLS extensions, including SNI, by default? If I have to rebuild from source to enable this feature anyway, it takes some of the incentive out of migrating the OS now.
Thanks for any insight or experience you're able to share!
johnea
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: implementing SNI
- From: Xin LI
- Re: implementing SNI
- Prev by Date: Ruxcon 2010 Final Call For Papers
- Next by Date: Re: implementing SNI
- Previous by thread: Ruxcon 2010 Final Call For Papers
- Next by thread: Re: implementing SNI
- Index(es):
Relevant Pages
|
