httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [users@httpd] Name-based SSL virtual hosts
Date Mon, 24 Jan 2011 15:39:39 GMT
Hi Martin,

Thanks for the info. Guess I have some reading to do!

My Best!


Wolfgang Miska
Executive Vice President

GEIGER of Austria, Inc.
38 Pond Lane
P.O. Box 728
Middlebury, VT 05753-0728

(802) 388-3156  (802) 388-9745 Fax

Martin Kuba <> 
01/24/2011 04:13 AM
Please respond to


Re: [users@httpd] Name-based SSL virtual hosts

Hi Wolfgang,

there is a chicken-and-egg problem with name-based virtual hosts
and SSL. The SSL connection is established *before* HTTP communication,
so the SSL server does not know what Host: HTTP header will be sent
in the moment it decides which SSL server certificate to send.

So for SSL HTTP servers, each server needs its own IP address,
virtual named-based hosts are not possible.

There is  a solution for this problem, it is a change in the SSL protocol
which allows to send host name in the SSL handshake. However it is not
supported by all web browsers.

For details see

In a nutshell, if you want to support MSIE on Windows XP, you cannot use 

I solve this by using one IP address for all SSL servers with the same DNS 
domain owner,
and a SSL server certificate that has all the server names as 
That works for all browsers, but it is some hassle to create a new 
for all names each time a new SSL server is added.



Dne 21.1.2011 22:18, napsal(a):
> Hi,
> I am not too familiar with Apache, so the following message has stumped 
> [warn] Init: Name-based SSL virtual hosts only work for clients with TLS 
server name indication support (RFC 4366)
> Can somebody explain what that means and what are the consequences?
> Thanks so much!
> Wolfgang

Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email:
Masaryk University   
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775

View raw message