First, let’s say how people make SSL work today: they use an SSL proxy (it is common to use hardware SSL accelerators), or SSLtunnel as a frontend.

Second, SSL was implemented natively in G-WAN a long time ago (when native AES encryption was made available), but failure to find any compliance checking tool made us delay the experimental release because SSL is a very dangerous protocol (utterly and pointlessly complex, incompatible with itself depending on versions, full of corners making room for an infinite stream of security holes).

Before you disagree with that view, have a look at the security background of OpenSSL (or at its source code, which is even more scary).

That’s why keeping SSL outside of the G-WAN Core makes sense.

Third, as people asked us recurrently about hos to support SSL (and other protocols) with G-WAN, we have created Protocol handlers.

Connection handlers are used to alter the behavior of G-WAN. Unless properly used (to avoid the timeout you have hit) they will kill any non-HTTP conformant traffic. But they make people’s life much easier for trivial tasks.

Content-Type handlers are used to alter the delivery of a specific type of files (GIF, HTML, FLV, etc.).

Protocol handlers are the last addition, which make G-WAN able to do anything relying on TCP/IP (UDP might be for later).

We will try to document them as soon as other, more urgent, tasks are done.

We have found that using servlets and those 3 different kinds of handlers instead one single type of modules (the generic term for other servers like Apache or Nginx), makes user-developments easier, safer, and faster.