httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: SSL + name based virtual hosting
Date Fri, 17 Dec 2004 07:39:02 GMT
At 10:27 PM 12/16/2004, Enrico Weigelt wrote:

>Hi folks,
>
>is name based virtual hosting ig. generally possible with SSL/https ?

It's simultaneously impossible and entirely doable.

https handshakes to a cert's common name before the Host:
name field is determined, which is guaranteed to be wrong
for any explicit ssl cert other than the explicit name.

Using a wildcard cert, this simply works, as long as the
common name pattern matches all server names.

Using another spec, connection upgrade TLS, it works perfectly,
but that spec is only supported by some printer drivers.  No
http client supports TLS upgrade that I'm aware of.

Bill


Mime
View raw message