nanog mailing list archives
Re[2]: Question regarding web hosting ip addressing
From: Richard Welty <rwelty () averillpark net>
Date: Fri, 12 Jul 2002 14:36:18 -0400 (EDT)
On Fri, 12 Jul 2002 07:17:35 -0700 Scott Francis <darkuncle () darkuncle net> wrote:
a different certificate for each site while using one IP address. (Correct me if I'm wrong!)
According to http://httpd.apache.org/docs/vhosts/name-based.html (thanks Gerald), name-based hosting cannot be used with SSL due to the nature of the SSL protocol.
correct. there's a specific technical problem due to the way that the https protocol is designed; it's a chicken-and-egg problem. specifically, name based identification of sites is based on the HTTP host request-header field. in https, the certificates are processed before the Host request-header is transmitted; Host is supposed to be inside the encrypted tunnel. a different design might have permitted named based https identification of virtual web site, but they did what they did. richard -- Richard Welty rwelty () averillpark net Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Current thread:
- Question regarding web hosting ip addressing Martin Hannigan (Jul 11)
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 11)
- Message not available
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 12)
- Re[2]: Question regarding web hosting ip addressing Richard Welty (Jul 12)
- Re: Question regarding web hosting ip addressing David Terrell (Jul 12)
- Re: Question regarding web hosting ip addressing Gerald (Jul 12)
- Message not available
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 11)