The biggest change in this release is the updated version of PolarSSL and the support for its new features. This new version of PolarSSL brings TLS1.2, secure renegotiation and Server Name Indication support. I really love how easy it was to include support for these new features in Hiawatha. Taking a look at the API in the header files was enough to understand how it works. Compare that to OpenSSL and it's easy to choose the winner. I hereby congratulate and thank Paul Bakker, the author of PolarSSL, for this great SSL library!
Hiawatha now has an option to set the minimal supported SSL/TLS version. I've used SSL Labs to test Hiawatha for any SSL implementation errors. With MinSSLversion set to TLS1.0, I got a score of 90%; set to TLS1.1, I got a score of 96%; and set to TLS1.2, I got a score of 97%. The only thing I needed for a 100% score was a 4096-bit certificate instead of a 2048-bit certificate. Well, I think I can live with a score of 97%.
With the minimal SSL version set to SSL3.0 or TLS1.0, Hiawatha prefers RC4 to mitigate the BEAST attack. When set to TLS1.1 or TLS1.2, Hiawatha prefers AES256. The only thing we need right now is TLS1.1 support in Firefox. Internet Explorer supports TLS1.2, Chrome supports TLS1.1, Opera supports TLS1.2 (although disabled by default). Only Firefox is still stuck at TLS1.0.
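As an added illustration (not part of the original post), here is how the MinSSLversion option described above sits in a Hiawatha Binding block, with the weak and the stricter setting side by side; the placement of the directive inside Binding and the certificate path are assumptions based on the Hiawatha 8.x configuration layout:

```conf
# Weak setting: TLS1.0 clients are accepted, so Hiawatha prefers RC4
# to work around BEAST (90% on SSL Labs according to the post above).
Binding {
    Port = 443
    Interface = 0.0.0.0
    SSLcertFile = /etc/hiawatha/serverkey.pem   # assumed path, adjust to your setup
    MinSSLversion = TLS1.0
}

# Stricter setting: only TLS1.1/TLS1.2 clients are accepted, Hiawatha
# prefers AES256 instead of RC4 (97% on SSL Labs with a 2048-bit certificate).
# Note that Firefox, which only speaks TLS1.0 at the time of writing, cannot
# connect to this binding.
Binding {
    Port = 8443                                  # second port used here only to show both variants
    Interface = 0.0.0.0
    SSLcertFile = /etc/hiawatha/serverkey.pem   # assumed path, adjust to your setup
    MinSSLversion = TLS1.2
}
```

In practice you would use a single HTTPS binding and pick the MinSSLversion value that matches the oldest client you still need to serve.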
SNI is really nice to have; the TLS support sounds great.
I am looking forward to start using the new version.
Thanks again.
Yassen
I upgraded using dpkg -i on Ubuntu Server 12.04 LTS (thanks Samiux). Noticed that the php-fcgi.conf tool has been deprecated (according to the notes in the file). I've installed php-fpm; is there any documentation that goes over how to enable/configure php-fpm for Hiawatha? So far, all I've been able to determine by testing alone is to comment out the following entry in my virtual sites.
UseFastCGI = PHP5
Thanks,
Ron
And I await with interest for your howto ;P