Hello out there,

Implementing the SNI extension, to permit encrypted virtual web domain service,
seems to be spreading.

I hope I'm not too far OT in asking this list for advice on making this
transition on FreeBSD.

The first server to be migrated is currently running:
7.1-RELEASE-p13 with the base openssl 0.9.8.e and apache 2.2.13

Several options seem to be available:
1) upgrade the openssl in the existing 7.1 release
2) migrate to GnuTLS in the existing 7.1 release
3) upgrade FreeBSD to 8.1 with openssl 0.9.8n

I'm pre-inclined towards upgrading the OS to 8.1. The primary concerns
I've considered revolve around moving the installed ports through this
upgrade with minimal downtime.

Could anyone please offer advice on the openssl upgrade issues involved in such
a migration?

In addition to apache, this server is a pretty loaded toaster, also hosting DNS
with bind9, virtual mail domains with postfix, courier-imap/authlib, and mysql,
and shell accounts via openssh.

A simpler question that I've been unable to resolve: Does the openssl of
8.1-RELEASE enable the TLS extensions, including SNI, by default? If I have to
rebuild from source to enable this feature anyway, it takes some of the
incentive out of migrating the OS now.

Thanks for any insight or experience you're able to share!

johnea