pike.git / lib / modules / SSL.pmod / Notes.txt

version» Context lines:

pike.git/lib/modules/SSL.pmod/Notes.txt:219:       Servers with different certificates and parameters can sit on    the same port with different SNI, or with different ALPN. We    should make it possible to select Context based on negotiation    (made tricky, as the negotiation depends on the Context).       It should be possible to lazy load certificates to increase    startup time and reduce memory usage for servers with many    sites. Dynamic loading and unloaded could be part of the same    mechanism as the Context selection mentioned above. +  +  Truncated HMAC is only supported on the server side. It has +  however been mentioned on the IETF TLS mailing list that there +  are security issues with truncated HMAC, so this is only +  lacking for completeness.