Saturday, 3 May 2008

Nerd dump

I picked up three O’Reilly Short Cut PDFs last night on some topics of great interest to me personally or professionally.

What’s New in Apache Server 2.2 is a pretty good introduction to some topics I have been familiar with but never used effectively or investigated. Of particular note is mod_ssls support for TLS upgrade:


mod_ssl now supports TLS upgrade. This allows an unencrypted connection to be upgraded to a secure connection. Among other benefits, this removes the restriction to one SSL host per IP address that has traditionally applied to SSL.

Unfortunately, this is not yet widely supported by browsers, and so it is of limited value. However, the presence of a server implementation should encourage browser developers to implement this functionality.

This is a very important feature. If you’ve ever had to budget IPs and SSL certs costs then the impact of this feature is big. But alas, I can’t find the list of supporting browsers to share.


TLS Upgrade is better known as RFC 2817. Indeed, it is not widely supported by browsers. Firefox 2 and IE 7 do not. Firefox 3 will. IE 7 never. Not sure about Safari. But it seems that RFC 3546 has more adherents. FF2, IE7 already support RFC 3546 (Safari again absent), which specifies a Server-Name-Indicator (SNI), not unlike the Host header today in HTTP/1.1. SNI support is provided in Apache 2.2 through mod_gnutls. mod_gnutls is still immature, though actively developed.

The caveat to this entire discussion then is: Use at your own risk. And if you work at a bank, don't use at all. ~o) Zazzle Store Online

A close friend of mine is a senior committer to CVS and runs Ximbiot LLC, the premiere CVS support company. He just sent me a sample of his new Zazzle line of tees and mugs. Check it out at Some great message tees for the geek.

And you wondered why I discuss arcane topics like source control on this blog. D’uh.

Posted by caffeinated at 10:38 AM in nerdery
« May »