nanog mailing list archives
Re[2]: Question regarding web hosting ip addressing
From: Richard Welty <rwelty () averillpark net>
Date: Fri, 12 Jul 2002 14:36:18 -0400 (EDT)
On Fri, 12 Jul 2002 07:17:35 -0700 Scott Francis <darkuncle () darkuncle net> wrote:
a different certificate for each site while using one IP address. (Correct me if I'm wrong!)
According to http://httpd.apache.org/docs/vhosts/name-based.html (thanks Gerald), name-based hosting cannot be used with SSL due to the nature of the SSL protocol.
correct. there's a specific technical problem due to the way that the https
protocol is designed; it's a chicken-and-egg problem.
specifically, name based identification of sites is based on the HTTP host
request-header field. in https, the certificates are processed before the
Host request-header is transmitted; Host is supposed to be inside the
encrypted tunnel.
a different design might have permitted named based https identification of
virtual web site, but they did what they did.
richard
--
Richard Welty rwelty () averillpark net
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
Current thread:
- Question regarding web hosting ip addressing Martin Hannigan (Jul 11)
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 11)
- Message not available
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 12)
- Re[2]: Question regarding web hosting ip addressing Richard Welty (Jul 12)
- Re: Question regarding web hosting ip addressing David Terrell (Jul 12)
- Re: Question regarding web hosting ip addressing Gerald (Jul 12)
- Message not available
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 11)