tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: HTTPS and Virtual Hosts
Date Mon, 22 Sep 2008 12:16:03 GMT

----- Original Message ----- 
From: "André Warnier" <aw@ice-sa.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Monday, September 22, 2008 12:21 PM
Subject: Re: HTTPS and Virtual Hosts


> Mark Thomas wrote:
>> Ognjen Blagojevic wrote:
>>> André Warnier wrote:
>>>> Is the above, very roughly and approximatively still a valid
>>>> explanation of what happens, or is it totally wrong, or has something
>>>> changed in-between that I am unaware of ?
>>> Yes, that's about it. Here is the official explanation:
>>>
>>>   http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
>>>
>>> The workaround is also proposed. You can use different ports or IP
>>> adresses for different SSL enabled virtual hosts. For instance, you
>>> could put 2 or more network cards in the server, and than configure one
>>> virtual host for each of these cards.
>>
>> You do not need multiple NICs to support multiple IP addresses. You can
>> quite happily configure a NIC with multiple IP addresses.
>>
> Allright.
> Thanks to everyone for the answers and references.
> This was also linked to another thread "Re. Connector problem", for which 
> I am also interested in the practical solution.
>
> Now, a follow-up question :
>
> I seem to remember that there was talk about a scheme or a protocol that 
> would allow (very roughly) a client/server pair to start a session using 
> HTTP (not SSL), negociate, then in the course of the session "upgrade" 
> this link to HTTPS.  And that this somehow could be a solution to the 
> Virtual Host issue under HTTPS.
> Am I dreaming this up, or does there exist something in that general area 
> ?

Andre, I'm not aware of anything like it... one can actually do anything 
with crypto stuff, but the problem is that half the engine is built into the 
browser, if it doesnt want to play, it doesnt happen... there are do it 
yourself secure layers out there at javascript level, but they have 
issues... dont secure whole page etc.

... dont think so...

However as soon as you leave the browser environment... anything is 
possible.

---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message