tomcat-users mailing list archives

From André Warnier
Subject HTTPS and Virtual Hosts
Date Mon, 22 Sep 2008 08:57:21 GMT

I'm not an expert at anything below, that's why I am asking.
I am also not looking for a very precise answer, just a rough summary.

The question :

As I remember from reading about this a while ago, there is/was a 
fundamental incompatibility between the HTTP Virtual Host mechanism, and 
HTTPS/SSL, in the sense that there is some egg-and-chicken problem 
involved, which roughly goes like this :
- the client connects to the host and requests an encrypted connection 
to a certain hostname
- the host and client negotiate the encryption (based or not on the name 
of the host)
- on subsequent requests, the client sends the request encrypted, 
including the "Host:" header that (according to the HTTP protocol) should 
indicate the name of the Virtual Host it wants to talk to
- the server should decode the request (including this "Host:" HTTP 
header) in order to determine which Host the request is addressed to, 
but it can't because it does not know which host it is yet, and thus 
cannot decode the request
- we are thus stuck

Is the above, very roughly and approximately, still a valid explanation 
of what happens, or is it totally wrong, or has something changed 
in-between that I am unaware of ?

