SSL SNI support

Cloudflare now provides free SSL https://www.cloudflare.com/ssl with
one-click, on free cloudflare accounts. This is an easy way to get SSL
working for a custom ODK Aggregate installation, however, they use SSL SNI
http://en.wikipedia.org/wiki/Server_Name_Indication, which does not seem
to be supported by ODK Collect at this time. It would be great if it could
be supported. I found this which may help:

http://blog.dev001.net/post/67082904181/android-using-sni-and-tlsv1-2-with-apache

Note that if Aggregate is behind Cloudflare's network, posting submissions
has a timeout of about 2-5 minutes in my testing (timeout occurs on
Cloudflare's network) which may be an issue for those posting photos on
very slow connections.

Gregor

I created an issue to hold this info (
https://code.google.com/p/opendatakit/issues/detail?id=1121 ).

ODK Collect uses a stock Apache HttpClient 4.2.1 library with package
renaming.

Looks like this feature would require upgrading to HttpClient 4.3.2?

If anyone wants to upgrade the library and make the changes, I will fold
them into the main codebase. Attached to the issue is the bash script that
I used to do the original package renaming (snarfed from some googlecode
project that I can no longer locate).

ยทยทยท On Sun, Mar 22, 2015 at 6:54 PM, Gregor MacLennan < gmaclennan@digital-democracy.org> wrote:

Cloudflare now provides free SSL https://www.cloudflare.com/ssl with
one-click, on free cloudflare accounts. This is an easy way to get SSL
working for a custom ODK Aggregate installation, however, they use SSL SNI
http://en.wikipedia.org/wiki/Server_Name_Indication, which does not
seem to be supported by ODK Collect at this time. It would be great if it
could be supported. I found this which may help:

http://blog.dev001.net/post/67082904181/android-using-sni-and-tlsv1-2-with-apache

Note that if Aggregate is behind Cloudflare's network, posting submissions
has a timeout of about 2-5 minutes in my testing (timeout occurs on
Cloudflare's network) which may be an issue for those posting photos on
very slow connections.

Gregor

--
You received this message because you are subscribed to the Google Groups
"ODK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com