-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gregory Maxwell wrote:
> With protocol relatives, native HTTP support requires solving:
> - Wildcard SSL certificates
> - Dumb SSL front-ending proxy to do crypto
> - Either making the load balancer highly IP-sticky *or* setting up
>   software for distributing the SSL session cache (i.e. http://distcache.sourceforge.net/).
Doesn't a new HTTPS connection have to create a new SSL session? I'd think you'd only get away with using the same session when reusing the connection on keepalive, in which case it should just be staying open.
Or is the world of SSL far more strange and wonderful than I've imagined... ;)
(Currently the SSL is done on a proxy in front of the regular web servers; this is an Apache 2.2 proxy, rather than Squid, but it could be any SSL-enabled proxy.)
- -- brion
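Added example, not code from the thread or from Wikimedia's setup: a toy model of the point under discussion. A TLS session is identified by a session ID that outlives the TCP connection which created it, so a client reconnecting can ask to resume it; behind a load balancer that only helps if the node that gets the new connection can find the session in its cache, which is why Gregory lists IP-sticky balancing and a shared session cache (the distcache approach) as alternatives. The `Backend`/`simulate` names, the three `ssl0`..`ssl2` nodes and the client counts are constructed for the illustration.

```python
import random
import secrets


class Backend:
    """One SSL-terminating proxy node holding (or sharing) a session cache."""

    def __init__(self, name, cache):
        self.name = name
        self.cache = cache          # session_id -> master secret stand-in
        self.full = 0               # full handshakes served
        self.abbreviated = 0        # resumed (abbreviated) handshakes served

    def handshake(self, offered_id):
        """Handle a new TCP connection; the client may offer a session ID."""
        # Resumption works only if THIS node's cache knows the offered ID.
        if offered_id is not None and offered_id in self.cache:
            self.abbreviated += 1
            return offered_id
        # Otherwise a full handshake produces a fresh session and caches it.
        self.full += 1
        sid = secrets.token_hex(16)
        self.cache[sid] = secrets.token_hex(48)   # constructed master secret
        return sid


def simulate(shared_cache, ip_sticky, clients=20, connections=10, seed=1):
    """Return (full, abbreviated) handshake totals for one deployment shape.

    shared_cache: all nodes read/write one session cache (distcache style).
    ip_sticky:    the balancer always sends a given client to the same node.
    """
    rng = random.Random(seed)
    if shared_cache:
        shared = {}
        caches = [shared, shared, shared]
    else:
        caches = [{}, {}, {}]
    nodes = [Backend(f"ssl{i}", caches[i]) for i in range(3)]
    for client in range(clients):
        session_id = None                   # nothing to resume yet
        for _ in range(connections):
            # Every HTTPS request here is a brand-new TCP connection.
            node = nodes[client % 3] if ip_sticky else rng.choice(nodes)
            session_id = node.handshake(session_id)
    return sum(n.full for n in nodes), sum(n.abbreviated for n in nodes)


if __name__ == "__main__":
    for cfg in ((False, False), (False, True), (True, False)):
        print("shared=%s sticky=%s -> full/abbrev = %s" % (*cfg, simulate(*cfg)))
```

Per-node caches with random balancing force a full handshake every time a client lands on a node that has not seen its current session; either sticky routing or a shared cache brings that down to one full handshake per client.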