Gregory Maxwell wrote:
> With protocol relatives, native HTTP support requires
> solving:
> 1) Wildcard SSL certificates
> 2) Dumb SSL front-ending proxy to do crypto
> 3) Either making the load balancer highly IP-sticky *or* setting up
> software for distributing the SSL session cache (i.e.
> http://distcache.sourceforge.net/).

Doesn't a new HTTPS connection have to create a new SSL session? I'd
think you'd only get away with using the same session when reusing the
connection on keepalive, in which case it should just be staying open.
Or is the world of SSL far more strange and wonderful than I've
imagined... ;)
(Currently the SSL is done on a proxy in front of the regular web
servers; this is an Apache 2.2 proxy, rather than Squid, but it could be
any SSL-enabled proxy.)

-- brion