I'm trying out mod_gnutls and I really like what I see. I installed it on a Debian lenny machine without any problems - I'm even using my own self-signed certificate. :-)
What I'm really excited about is its support for SNI:
http://www.outoforder.cc/projects/apache/mod_gnutls/sni/
Yay! I just tried it out and it works! At least with Firefox 3, haven't tried anything else out yet....
So mod_gnutls is in testing, but it's an older version. There is another much newer version in sid, but I'm not going there yet. It looks like it's actively managed so I won't stress it.
I'm probably not expressing the significance of this tool - it's huge! The ability to serve SSL virtual hosts on a single IP address is phenomenal.
Problems:
[Fri Mar 28 20:28:05 2008] [error] GnuTLS: Hanshake Alert (20) 'Bad record MAC'.
[Fri Mar 28 20:28:05 2008] [error] [client 192.168.1.174] GnuTLS: Handshake Failed (-12) 'A TLS fatal alert has been received.'

[Fri Mar 28 19:40:32 2008] [error] GnuTLS: Hanshake Alert (10) 'Unexpected message'.
[Fri Mar 28 19:40:32 2008] [error] [client 192.168.1.174] GnuTLS: Handshake Failed (-12) 'A TLS fatal alert has been received.'
[Fri Mar 28 19:49:09 2008] [notice] child pid 1711 exit signal Segmentation fault (11)
I finagled 0.5.1 onto my server from sid and it's working great! It's set up with some lighter-weight encryption and is working really well now. No errors so far... well, I am getting these errors in the logs:
[Sun Mar 30 00:40:17 2008] [error] [client 192.168.8.1] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sun Mar 30 00:40:22 2008] [error] [client 192.168.8.1] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Sun Mar 30 00:40:27 2008] [error] [client 192.168.8.1] GnuTLS: Handshake Failed. Hit Maximum Attempts
but they don't seem to affect the browser.