httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Schober <peter.scho...@univie.ac.at>
Subject Re: [users@httpd] how to get multiple SSL with name based vhost ?
Date Tue, 01 Dec 2009 11:39:30 GMT
* Boyle Owen <Owen.Boyle@six-group.com> [2009-12-01 10:08]:
> Krist explained it very nicely... But maybe you still didn't get it:
> Without SNI, there is NO WAY TO DO THIS. It is a fundamental
> limitation of the HTTPS protocol with no production-grade
> work-around. SNI (server-name indication) was specifically added to
> address this limitation. There is simply NO ALTERNATIVE.

Nonsense, and shouting does not make it correct either.
Use X.509v3 SubjectAltName extensions in the certs, as I (and probably
others) said several times on this very list last month alone.
(And of course SNI is preferable, once ubiquitious support for it is
available in servers and user agents alike).
-peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message