httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] Virtual Hosts and SSL Puzzler
Date Tue, 22 Oct 2013 14:14:02 GMT
On Tue, Oct 22, 2013 at 10:08 AM, Chris Gordon <CGordon@aires.com> wrote:

>  To answer your questions:
> *"Doesn't the SSLCertificate parameter for each VH say which cert to use*?
>
>
> Yes, but how does Apache know which VH to get the cert from until it has
> used a cert to decrypt the SSL?  It just used the first cert in this case.
> IP Bases will get you around this.  I said chicken - egg because Apache
> needs to read a header to know what VH to use but it can't read the header
> until it picks a vhost and uses the cert to decrypt the message.
>
> As I already pointed out, this is not correct. SNI support<http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI>
has
been included in Apache for years as have most browsers (except Windows XP).

- Y

Mime
View raw message