[sr-dev] TLS docs

Jan Janak jan at ryngle.com
Sat Oct 10 14:51:27 CEST 2009


On Sat, Oct 10, 2009 at 2:21 PM, Andrei Pelinescu-Onciul
<andrei at iptel.org> wrote:
> On Oct 10, 2009 at 14:04, Jan Janak <jan at ryngle.com> wrote:
>> On Sat, Oct 10, 2009 at 1:58 PM, Olle E. Johansson <oej at edvina.net> wrote:
>> > <title><varname>config</varname> (string)</title>
>> >     <para>
>> >         Sets the name of the TLS specific config file.
>> >     </para>
>> >     <para>
>> >         If set the TLS module will load a special config file, in
>> > which different TLS parameters can be specified on a per role (server or
>> > client) and domain basis (for now only IPs). The corresponding module
>> > parameters will be ignored.
>> >     </para>
>> >
>> >
>> > Is this still valid - that we only configure tls on IP?
>>
>> Currently yes. It is on my todo list to extend the configuration file
>> syntax to also support server names, but I am not there yet.
>
> I think this is something that can wait. The server name extension is
> quite new in openssl (on by default since 1.0). I doubt there are many
> clients supporting it and unless all or most your clients support it is

It is also useful for server-to-server connections, there it allows
you to select and present the correct certificate. Even if you have no
clients that support it, you might still want to use the server name
extension for server-to-server connections.

  Jan.


