> On Aug 5, 2015, at 4:10 AM, Bret Palsson <bre...@gmail.com> wrote:
>
> The problem with reloading SSL configuration is if there is a problem with
> one of your certs, say a permission issue, ATS will unload all the certs
> from the running process and still accept traffic causing SSL errors.

That sounds like a bug. :) Maybe this is an OpenSSL misfeature? Or is it an ATS problem? In general, the way config reloads in ATS work is that they either completely succeed or completely fail. Maybe that's not possible with the certs? It's a real shame that it'd leave the server in this indeterminate state while reloading. Susan or James, can we fix / improve that?

— leif