Message-ID: <48D75DF1.8010705@ice-sa.com>
Date: Mon, 22 Sep 2008 10:57:21 +0200
From: André Warnier
To: Tomcat Users List
Subject: HTTPS and Virtual Hosts

Hi.

I'm not an expert at anything below, that's why I am asking. I am also not looking for a very precise answer, just a rough summary.

The question:

As I remember from reading about this a while ago, there is/was a fundamental incompatibility between the HTTP Virtual Host mechanism and HTTPS/SSL, in the sense that there is some egg-and-chicken problem involved, which roughly goes like this:

- the client connects to the host and requests an encrypted connection to a certain hostname
- the host and client negotiate the encryption (based or not on the name of the host)
- on subsequent requests, the client sends the request encrypted, including the "Host:" header that (according to the HTTP protocol) should indicate the name of the Virtual Host it wants to talk to
- the server should decode the request (including this "Host:" HTTP header) in order to determine which Host the request is addressed to, but it can't because it does not know which host it is yet, and thus cannot decode the request
- we are thus stuck

Is the above, very roughly and approximately, still a valid explanation of what happens, or is it totally wrong, or has something changed in-between that I am unaware of?

Thanks