It turned out that the issue with PolarSSL 1.3 in the rc0 release was caused by how PolarSSL 1.3 was compiled by Hiawatha, which is a bit different than with PolarSSL 1.2. This has been fixed in the rc1 release. I've also included keep-alive connections for the reverse proxy in Hiawatha.
Please test this 9.3-rc1 release and inform me about any issues. If no issues are reported before next Sunday, I will then release 9.3.
Update (15 oct 2013):
PolarSSL 1.3.1 has been released. To use this new SSL library, go to the directory polarssl inside the source package and run './upgrade 1.3.1'
Second update (19 oct 2013):
There still is a bug in PolarSSL, so no Hiawatha release this weekend.
I've released the first release candidate for Hiawatha 9.3. This release brings you PolarSSL 1.3, which includes support for elliptic curve cryptography. However, there still seems to be a small bug in PolarSSL 1.3 which sometimes causes problems during the SSL handshake. Because the problem is hard to reproduce, it's also hard to find the cause.
The weird thing about the issue is that when a browser shows an error when connecting to a website via SSL, an SSL connection to another website on the same server might work very well. This indicates an issue with SNI. It's also possible that when a connection to a website via SSL with one browser fails, it might work very well with another browser.
The PolarSSL developer is currently looking into this issue and I hope he finds a solution soon. If you have any information that might be helpful to solve this issue, please let us know. Hiawatha 9.3-rc0 can be downloaded here.
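One way to check for the SNI-dependent symptom described above (an added example, not code from Hiawatha or PolarSSL): handshake once per hostname against the same address and compare the outcomes. The function names and the hostnames in the demo are hypothetical; certificate verification is turned off because only handshake success is being measured.

```python
import socket
import ssl


def probe_sni(addr, port, names, timeout=5.0):
    """Do one TLS handshake per SNI name against the same address.

    Returns {name: (outcome, detail)}; outcome is "ok", "handshake_failed"
    or "connect_failed".
    """
    results = {}
    for name in names:
        ctx = ssl.create_default_context()
        # Diagnostic only: handshake success is the question, not certificate trust.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            raw = socket.create_connection((addr, port), timeout=timeout)
        except OSError as exc:
            results[name] = ("connect_failed", str(exc))
            continue
        try:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                results[name] = ("ok", tls.version())
        except OSError as exc:  # ssl.SSLError, resets and timeouts all land here
            results[name] = ("handshake_failed",
                             getattr(exc, "reason", None) or str(exc))
        finally:
            raw.close()
    return results


def classify(results):
    """Summarise a probe: mixed outcomes on one address point at SNI handling."""
    states = {outcome for outcome, _ in results.values()}
    if states == {"ok"}:
        return "all_ok"
    if "connect_failed" in states:
        return "unreachable"
    if "ok" in states:
        return "sni_dependent"
    return "all_handshakes_fail"


if __name__ == "__main__":
    # Constructed sample results (hypothetical hostnames), so the demo runs offline.
    sample = {"site-a.example": ("ok", "TLSv1.2"),
              "site-b.example": ("handshake_failed", "SSLV3_ALERT_HANDSHAKE_FAILURE")}
    print(classify(sample))
```

Running the probe several times is worthwhile for an intermittent failure like this one, since a single pass can come back clean.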
Mozilla finally decided to include TLS/1.1 support in Firefox. However, most users won't benefit from this support, because it's disabled by default and enabling it is not something many people will or can do. To enable TLS/1.1 support, use "about:config" in the URL bar and search for the security.tls.version.max setting. Set its value to 2 (default is 1).
Happy secure browsing!
A friend of mine created a new website for Grubby, a Dutch professional gamer for WarCraft 3 and StarCraft 2. This PHP website is hosted on a quad-core VPS with 8 GB RAM. During busy moments, the server has a thousand simultaneous connections. During testing, the server had about 600 simultaneous connections, which caused a load of 2.7* on the VPS.
This load was expected, so the website was built to make use of Hiawatha's CGI-caching feature. Each page that is generated by PHP will be cached by Hiawatha when the PHP script allows it. The pages were only cached for a few seconds, but this caused the load to drop to 0.05. Even with more than a thousand simultaneous connections!
So, if you have ever asked yourself if Hiawatha is capable of serving a heavy-traffic website, the answer is definitely: yes!
*) For people who don't know what this number means: it's the number of CPUs required to handle the load. So, a load of 1 on a single-core system means the machine is 100% busy, just like a load of 2 on a dual-core system.