httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olaf van der Spek <olafvds...@gmail.com>
Subject Re: [users@httpd] Limiting SSL to a specific virtual host
Date Tue, 08 Nov 2005 10:00:56 GMT
On 11/8/05, Boyle Owen <Owen.Boyle@swx.com> wrote:
> The point about Apache 2.1 is that it includes a new module (as mentioned by Nick) which
supports a new extension to TLS. This allows for "Server Name Indication" where the client
tells the server what hostname it wants to connect to. Basically, it copies the Hostname up
from the HTTP layer into the HTTPS layer making it visible to the TLS negotiation phase. When
this is fully supported by browsers (NB - it's the browser that starts the conversation so
it has to be aware of this new extension), then NBVH will be possible in SSL/TLS.

Are you sure you're not confused yourself too?
Which module would that be?

> mod_ssl Added a support for RFC 2817, which allows connections to upgrade from clear
text to TLS encryption.

This one allows a HTTP connection (on port 80) to be upgraded to HTTPS
(in the same TCP connection).
What you are describing is an extension to TLS (that'll work for all
protocols), but I'm not sure if Apache supports that.
Mime
View raw message