httpd-dev mailing list archives

From Ian G <i...@iang.org>
Subject Re: Name based virtual host ssl clever solution
Date Sun, 23 Nov 2008 23:08:20 GMT

> I'm not sure if any browser available currently supports this, but I
> suppose none. Maybe if it became an RFC, you might get Mozilla folks
> interested in this :)

As far as I know, Mozilla guys are hanging out for TLS/SNI, as is the
rest of the world. They and the other browsers have been ready for
ages. There was a big push around 2005-2006 to get over to full TLS
because of the SSLv2 bug and the emergence of phishing as an MITM.

TLS/SNI is the "real fix" for the bug, whereas other tricks (and there 
are quite a few of them) are all suspect for one reason or another; 
when you try them you discover what goes wrong.  There's a list of 
possibilities here:

http://wiki.cacert.org/wiki/VhostTaskForce
http://en.wikipedia.org/wiki/Server_Name_Indication

TLS/SNI is working in Apache httpd, and has been for a while, but is 
unreleased.  I don't know or understand the reason for that.



iang
