I’m trying out mod_gnutls and I really like what I see. I installed it on a debian lenny machine without any problems - I’m even using my own self-signed certificate. :-)

What I’m really excited about is its support for SNI:

http://www.outoforder.cc/projects/apache/mod_gnutls/sni/

Yay! I just tried it out and it works! At least with Firefox 3, haven’t tried anything else out yet….

So mod_gnutls is in testing, but its an older version. There is another much newer version in sid, but I’m not going there yet. It looks like its actively managed so I won’t stress it.

I’m probably not expressing the significance of this tool - its huge! The ability to serve SSL virtual hosts on a single IP addess is phenomenal.

Problems:

[Fri Mar 28 20:28:05 2008] [error] GnuTLS: Hanshake Alert (20) 'Bad record MAC'.
[Fri Mar 28 20:28:05 2008] [error] [client 192.168.1.174] GnuTLS: Handshake Failed (-12) 'A TLS fatal alert has been received.'
[Fri Mar 28 19:40:32 2008] [error] GnuTLS: Hanshake Alert (10) 'Unexpected message'.
[Fri Mar 28 19:40:32 2008] [error] [client 192.168.1.174] GnuTLS: Handshake Failed (-12) 'A TLS fatal alert has been received.'
[Fri Mar 28 19:49:09 2008] [notice] child pid 1711 exit signal Segmentation fault (11)

I finagled 0.5.1 onto my server from sid and its working great! Its setup with some lighter weight encryption and is working really well now. No errors so far… well I am getting these errors in the logs:

[Sun Mar 30 00:40:17 2008] [error] [client 192.168.8.1] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sun Mar 30 00:40:22 2008] [error] [client 192.168.8.1] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sun Mar 30 00:40:27 2008] [error] [client 192.168.8.1] GnuTLS: Handshake Failed. Hit Maximum Attempts

but they don’t seem to affect the browser.

¥