Skip to content

Apache 2.2 is Out

The earth-shattering feature of Apache 2.2 is RFC 2817 SSL Upgrade. Basically, any HTTP connection can upgrade itself to HTTPS without reestablishing.

<p>This means you can do SSL on virtual hosts without a dedicated IP address.  This will greatly increase the penetration of SSL (plus free certs like CaCert) and encryption in general.  The $5/mo webhosters will be able to offer SSL to clients.  Ubiquitous encryption considered good.</p>
<p>This is, of course, a Catch-22 - there are no browsers with the capability yet (let’s get Mozilla going…) but this is the necessary first step.  Come back in a couple years and see how things are going.</p>
<p>Oh, and I’m happy about the Cookie proxying patches which I reported against 2.0 but were applied to 2.1.  This is the only Apache feature I’ve ever had a hand in designing so I’m happy to see it available.  Basically, anything you do with cookies (paths, domains) should be properly proxied now.  I’ve been waiting for this for a long time.  Yay!