httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] Re: HTTPS connexion on the port 80
Date Mon, 10 Nov 2008 23:31:07 GMT
On Mon, Nov 10, 2008 at 5:00 PM, David BERCOT <debian@bercot.org> wrote:
> Le Mon, 10 Nov 2008 15:55:17 -0500,
> Dan Poirier <poirier@pobox.com> a écrit :
>> David BERCOT <debian@bercot.org> writes:
>> > Le Mon, 10 Nov 2008 06:59:54 -0500,
>> > "Eric Covener" <covener@gmail.com> a écrit :
>> >> On Mon, Nov 10, 2008 at 2:03 AM, David BERCOT <debian@bercot.org>
>> >> wrote:
>> >>
>> >> > Yes, but no ;-)
>> >> > I want https traffic on port 80, nor 443 !!!
>> >>
>> >> You can't do that, because the client needs to know whether to
>> >> speak http or https as soon as they send any data, and apache
>> >> won't just try to interpret it either way.
>> >
>> > But the client knows what to speak because I tell him :
>> > httpS://site3.mondomaine:80/
>>
>> Apache needs to know too.  It can't see the Host passed from the
>> client until it has already started reading the request, which it
>> can't do until it has done an SSL handshake.  How would it know
>> whether to do that or not, if port 80 is getting both SSL and non-SSL
>> connections?
>
> May be my knowledge of Apache configuration is not good, but there are
> specific directives for SSL :
>
> HTTP site :
> <VirtualHost *:80>
>        ServerName site1.mondomaine.org
>        DocumentRoot /site1
> </VirtualHost>
>
> HTTPS site :
> <VirtualHost *:80>
>        ServerName site2.mondomaine.org
>        DocumentRoot /site2
>        SSLEngine on
>        SSLCertificateFile /ssl/site2.cert
>        SSLCertificateKeyFile /ssl/site2.key
> </VirtualHost>
>
> I think that Apache knows that site1 is only HTTP and site2 is HTTPS.
> Isn't it OK ?

No, Apache has no chance to choose the 2nd vhost in time to be able to
do an SSL handshake.


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message