tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <>
Subject RE: HTTPS and Virtual Hosts
Date Mon, 22 Sep 2008 10:19:28 GMT
> From: Johnny Kewl []
> I actually cant see any
> reason why the hand shake couldnt be extended to look at the
> incoming URL...

Because the URL (or at least the host header) would have to be sent over the wire in cleartext,
as it's before the encrypted connection is negotiated.  This is an information disclosure

                - Peter

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message