httpd-dev mailing list archives

From "Patryk Szczygłowski" <patryk.szczyglow...@gmail.com>
Subject Re: Name based virtual host ssl clever solution
Date Sun, 23 Nov 2008 12:47:17 GMT
On Sat, Nov 15, 2008 at 03:21, Jeff Sadowski <jeff.sadowski@gmail.com> wrote:
>
> I think I just came up with a clever solution. However, web browsers
> will have to support SRV records.
> The problem with virtual hosts is that you can have only one SSL
> certificate per port (443),
> because SSL requires it encrypted before it sends any other information.
> A solution is to run a different key on different ports; thus it could
> distinguish via port what key to encrypt with:
> https://onedomain.com:443
> https://twodomain.com:444
>
> By default a web browser goes to port 443 for https.
> Now if a web browser followed the rules of SRV records you could tell
> the web browser to go to a different port using SRV records:
>
> _https._tcp.onedomain.com SRV 443
> _https._tcp.twodomain.com SRV 444
>
> Then again, if the web browser follows SRV records it should
> automatically go to the right port for SSL and you can have an SSL
> connection to a virtual host, each host with its own certificate.

Yes, the idea is good...

I've found several Internet Drafts about this topic, but none of them
got released as RFC so far:
http://tools.ietf.org/html/draft-andrews-http-srv-01
http://tools.ietf.org/html/draft-jennings-http-srv-00

I'm not sure if any browser currently available supports this, but I
suppose none. Maybe if it became an RFC, you might get the Mozilla folks
interested in this :)

--
Patryk Szczygłowski
patryk.szczyglowski@gmail.com
JID/mail: patryk@patryk.net.pl
P. J. O'Rourke  - "Never wear anything that panics the cat."
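
The lookup discussed in this thread, sketched as an added example (not part of the original messages and not code from any browser or from httpd): a client maps an https URL to a connect host and port through `_https._tcp` SRV records written in full RFC 2782 form. The targets under `example.net`, the backup record and the function names are constructed for illustration; weights are ignored for brevity.

```python
from urllib.parse import urlsplit

# Constructed zone data: owner TTL class SRV priority weight port target.
# The thread's shorthand gives only the ports; targets here are assumptions.
ZONE = """\
_https._tcp.onedomain.com. 3600 IN SRV 0 0 443 vhosts.example.net.
_https._tcp.twodomain.com. 3600 IN SRV 0 0 444 vhosts.example.net.
_https._tcp.twodomain.com. 3600 IN SRV 10 0 8444 backup.example.net.
"""

def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]}."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue  # skip blank lines and non-SRV records
        owner = fields[0].rstrip(".").lower()
        prio, weight, port = (int(f) for f in fields[4:7])
        target = fields[7].rstrip(".").lower()  # "." (no service) becomes ""
        records.setdefault(owner, []).append((prio, weight, port, target))
    return records

def connect_plan(url, records):
    """Return (connect_host, connect_port, cert_name) for an https URL."""
    parts = urlsplit(url)
    host = parts.hostname
    # The certificate is always checked against the name from the URL.
    # The SRV target comes from DNS, which is unauthenticated without
    # DNSSEC, so it only decides where to connect, never whom to trust.
    if parts.port is not None:
        return host, parts.port, host  # explicit port: no SRV lookup
    candidates = records.get(f"_https._tcp.{host}", [])
    if not candidates:
        return host, 443, host  # no SRV record: plain default port
    # Lowest priority wins (simplification: first record of that priority).
    prio, _weight, port, target = min(candidates, key=lambda c: c[0])
    if not target:
        raise LookupError(f"SRV target '.' means no https service at {host}")
    return target, port, host

RECORDS = parse_srv(ZONE)
```
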