Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4E6EDCAB1 for ; Wed, 2 May 2012 12:16:37 +0000 (UTC) Received: (qmail 39902 invoked by uid 500); 2 May 2012 12:16:33 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 39832 invoked by uid 500); 2 May 2012 12:16:33 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 39819 invoked by uid 99); 2 May 2012 12:16:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 May 2012 12:16:33 +0000 X-ASF-Spam-Status: No, hits=-0.5 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of rthirunavukkarasu23@gmail.com designates 209.85.217.173 as permitted sender) Received: from [209.85.217.173] (HELO mail-lb0-f173.google.com) (209.85.217.173) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 May 2012 12:16:28 +0000 Received: by lbok6 with SMTP id k6so541781lbo.18 for ; Wed, 02 May 2012 05:16:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=60GgZi4KC41dp3ShUvfP8aMd8U0U6LxdpmGEPk+Yeeg=; b=U8uG1q5Ru3/F72uA7k/25mxq8Lb+4ZM3sD1+6NBkpscMXnnHBAbsaiyCU5Ufc/0JzL 01793f1o6NAjeMsLNYDuUTWoCE15hnKbzsDSRfXLW2wzzUjVPi424mMn2ejXleot2lB8 K4XrW7pUBPlsRtZc4ojPnqFzeI4RZDTuVyUvu6iTUu6jXpmf+dLdH4tMCVT2aLdhYosj KEhb0qSVIr8ldE2En2eJOXjKaXQREd4SKFCnlhIvExQYkwPLcGCuA9d7nHDLoqJ7c5Nk 4GP6hccWwhrHOiAFE+Sgb9RaBmCXSR0VXejSfPODdFu5DACHil5Efx6YudabsRfIcmPL yUyg== MIME-Version: 1.0 Received: by 10.152.130.138 with SMTP id oe10mr1009281lab.5.1335960966689; Wed, 02 May 2012 05:16:06 -0700 (PDT) Received: by 10.112.85.132 with HTTP; Wed, 2 May 2012 05:16:06 -0700 (PDT) In-Reply-To: <1335800556.85780.YahooMailNeo@web125501.mail.ne1.yahoo.com> References: <4F9E5593.8020805@apache.org> <1335800556.85780.YahooMailNeo@web125501.mail.ne1.yahoo.com> Date: Wed, 2 May 2012 17:46:06 +0530 Message-ID: Subject: Re: SNI (Server Name Indication) supports in Tomcat (7.0.27) From: Reka Thirunavukkarasu To: Tomcat Users List , Mark Eggers Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org On Mon, Apr 30, 2012 at 9:12 PM, Mark Eggers wrote: > ----- Original Message ----- > >> From: Reka Thirunavukkarasu >> To: Tomcat Users List >> Cc: >> Sent: Monday, April 30, 2012 4:19 AM >> Subject: Re: SNI (Server Name Indication) supports in Tomcat (7.0.27) >> >>T hanks. I could see all the clarifications there. >> >> Reka >> >> On Mon, Apr 30, 2012 at 2:34 PM, Mark Thomas wrote: >>> =C2=A0On 30/04/2012 09:58, Reka Thirunavukkarasu wrote: >>>> =C2=A0Can you please provide any material >>>> =C2=A0to got through to support SNI? >>> >>> =C2=A0http://tomcat.markmail.org/thread/q6d5czzlgih3r2ys >>> >>> =C2=A0Mark > > > Reka, > > Another wrinkle, but I've not tried this with Tomcat . . . > > You could look at a SAN cert. I'm currently using a SAN cert in Apache HT= TPD with named virtual hosts and SSL. The configuration check complains, bu= t that complaint is apparently a bug since the actual feature is supported. > > I don't know what the performance impact would be with many hosts. I also= don't know how this would work since you let your users choose virtual hos= t names. The SAN cert would have to be updated for each host name, which mi= ght also be an issue for you. Since we are dynamically handling the hosts, SAN is again an issue. The eventual approach is using wild card for the host names to overcome the issues with other approaches. Since we are using java 6, using SNI at the moment is not much stable for us. > > . . . . just my two cents. > /mde/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > Reka. --=20 Regards, Reka :) --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org