Don't focus on a language only. Also look at a good framework. My advice is the Banshee PHP framework. It mainly focuses on security, which is the only important thing these days. I know this will be seen as spam, but do yourself a favor and just take a look at it for 15 minutes.

Whatever it is now, it should be dead. For the simple reason that Perl allows this kind of code:

$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map{$_%16or$t^=$c^=( $m=(11,10,116,100,11,122,20,100)[$_/16%8])$t^=(72,@z=(64,72,$a^=12*($_%16 -2?0:$m&17)),$b^=$_%64?12:0,@z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h =5;$_=unxb24,join"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$ d=unxV,xb25,$_;$e=256|(ord$b[4])

A very good part: Banshee PHP framework.

I know this post will be flagged as spam. But if you like PHP, I challenge you to give this framework a try. At least take a look at the online demo.

Yeah, tell that to the firewall administrator who thinks that opening an extra port is far more insecure than to tunnel that extra connection via HTTP. The IT world is defined by a mass amount of incompetent administrators and developers.

The biggest problem with SPDY is that it's a protocol by Google, for Google. Unless you are doing the same as Google, you won't benefit from it. In my free time, I'm writing an open source webserver and by doing so, I've encountered several bad things in the HTTP and CGI standard. Things can be made really more easy and thus faster if we, for example, agree to let go of this rediculous pathinfo, agree that requests within the same connection are always for the same host and make the CGI headers work better with HTTP.

You want things to be faster? Start by making things more simple. Just take a look at all the modules for Apache. The amount of crap many web developers want to put into their website can't be fixed by a new HTTP protocol.

We don't need HTTP/2.0. HTTP/1.3 with some things removed, fixed or at least have some vague things be specified more clearly, would be more than enough for 95% of all the websites.

http://regmedia.co.uk/2014/05/... says it all. Thinking that encrypting everything makes the internet more secure is really naieve.

Your story isn't about you messing up. It's about your boss failing hard at proper risk management. He's the one who should be fired for allowing a process in the company in which one person could do so much damage. Unfortunately, this happens still too often. Companies in which the mistake of one single person, the error of one single machine or the failure of one single process starts a chain reaction which causes heavy damage. Just take a look a look at the company you work for. I'm sure everybody can point out a machine or a person that will cause serious problems if that machine or person is not available for a certain amount of time.

They don't classify as terrorists if you ask me. Not every lunatic murderer is a terrorist.

Tell me, when was the last time terrorists did food poisoning?

Hmm, placed the PolarSSL link at the wrong place. I hate it when you can't edit your post.

Maybe it's time to realize that OpenSSL has become obsolute. For me it's totally unacceptable that even now the documentation is [STILL INCOMPLETE]. Instead of wasting time with cleaning up a pile of dirt, use that time to start supporting PolarSSL in all your applications. Its code is clean and it is well documented. Once you give PolarSSL a try, I'm sure you will wonder why the hell you were using OpenSSL all that time.

That escalated quickly...

Wasn't that the guy of the lamest vendor response in 2007? A little less harsh on your comment would be appropriate, mr. Theo.

Definitely PolarSSL.

Not GnuTLS, but PolarSSL. Reason for moving away from OpenSSL is because of it's horrible documentation. Or, better said, the lack of any documentation. Tried to implement SNI support in my open source web server (Hiawatha http://www.hiawatha-webserver....), but there was no proper documentation or example code available. With PolarSSL, it was done within a day. All other SSL features were implemented in a more cleaner way. No ugly callback stuff. Even with the OpenSSL 1.0.0 release some time ago their documentation was still incomplete. I seriously don't now how to take a piece of software (specially libraries) serious with proper and complete documentation. I believe proper documentation and support is even more essential to software than code quality.