Return-Path: 
 <tomcat-user-return-118043-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org
Received: (qmail 81716 invoked from network); 18 Dec 2004 13:19:32 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 18 Dec 2004 13:19:32 -0000
Received: (qmail 84367 invoked by uid 500); 18 Dec 2004 13:18:38 -0000
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 84350 invoked by uid 500); 18 Dec 2004 13:18:38 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 84335 invoked by uid 99); 18 Dec 2004 13:18:38 -0000
X-ASF-Spam-Status: No, hits=0.5 required=10.0
	tests=FROM_ENDS_IN_NUMS
X-Spam-Check-By: apache.org
Received-SPF: neutral (hermes.apache.org: local policy)
Received: from smarty.dreamhost.com (HELO smarty.dreamhost.com) (66.33.216.24)
  by apache.org (qpsmtpd/0.28) with ESMTP; Sat, 18 Dec 2004 05:18:34 -0800
Received: from strange.dreamhost.com (strange.dreamhost.com [66.33.193.57])
	by smarty.dreamhost.com (Postfix) with ESMTP id BFD4213F62F
	for <tomcat-user@jakarta.apache.org>; Sat, 18 Dec 2004 05:18:32 -0800 (PST)
Received: by strange.dreamhost.com (Postfix, from userid 7734)
	id B14006A8EE; Sat, 18 Dec 2004 05:18:32 -0800 (PST)
Date: Sat, 18 Dec 2004 07:18:32 -0600
From: QM <qm300@brandxdev.net>
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Subject: Re: Virtual Hosts and SSL
Message-ID: <20041218131832.GA7260@strange.dreamhost.com>
References: <Pine.GSO.4.44.0412171352530.23144-100000@syrinx>
 <BAY103-DAV17F1F0829DE042AF495E99F5A00@phx.gbl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BAY103-DAV17F1F0829DE042AF495E99F5A00@phx.gbl>
User-Agent: Mutt/1.3.28i
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

On Fri, Dec 17, 2004 at 09:38:01PM -0700, Daniel Watrous wrote:
: I know that in apache, and I suspect that it is a general rule, an SSL 
: (HTTPS) connection requires a unique IP address.  In other words, virtual 
: hosts do not work with SSL.

Correct.  This is (or at least, should be) true all around: the SSL
negotiation takes place at a lower protocol level than the HTTP request
that specifies which virtual host the client wants to see.  Yet, it's
during the negotiation phase that client software compares the requested
hostname to the CN value of the cert.  

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org