Date: Fri, 07 Mar 2003 22:37:59 -0400
From: Chris Bowlby <excalibur@hub.org>
To: "Jan Mikkelsen" <janm@transactionware.com>, <freebsd-isp@freebsd.org>
Subject: RE: multiple SSL key's on one IP several Vhosts...
Message-ID: <5.2.0.9.0.20030307223533.00a05270@mail.hub.org>
In-Reply-To: <001801c2e3df$28a02030$fc5807ca@mosm1>
References: <5.2.0.9.0.20030305230242.00a18200@mail.hub.org>
At 11:51 PM 3/6/03 +1100, Jan Mikkelsen wrote:
>As someone else wrote, the problem is that the SSL handshake happens
>before the HTTP host header is sent by the client saying what it is
>after. Because the server DNS name is embedded in the certificate used
>in the SSL handshake you are forced into a one to one mapping of virtual
>hosts and IP addresses.
>
>There is a solution: Include the host name in the initial SSL (now TLS)
>handshake so the server can choose the right certificate to use during
>the TLS negotiation. There is a standards track RFC covering this
>(along with a generalised extension mechanism and other stuff) in the
>RFC editor's queue. This means that the limitation will be less of an
>issue once some portion of the browser population implements the RFC,
>which is probably not the timeframe you are after.

Hi Jan,

Thanks for the update, we are kind of in a hurry for it, but will have to wait until it's looped through the system I guess...thanks.
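
The mechanism described in the quoted text (the host name carried in the initial TLS handshake, in what is now the server_name extension) can be seen in the following added example, which is not part of either message. It builds a ClientHello offline, reads the host name out of it, and picks a certificate before any HTTP is exchanged; the CERTS table, the certificate paths and the function names are constructed for illustration.

```python
import ssl
import struct

def client_hello_bytes(hostname):
    """Build a real ClientHello offline via in-memory BIOs (no network I/O)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: hello written, client now waits for the server
    return outgoing.read()

def extract_sni(record):
    """Return the host_name in the server_name extension, or None."""
    try:
        if record[0] != 0x16:                      # not a handshake record
            return None
        body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if body[0] != 0x01:                        # not a ClientHello
            return None
        p = 4 + 2 + 32                             # header, version, random
        p += 1 + body[p]                           # session id
        p += 2 + struct.unpack("!H", body[p:p + 2])[0]   # cipher suites
        p += 1 + body[p]                           # compression methods
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
            p += 4
            if ext_type == 0 and body[p + 2] == 0: # server_name, host_name
                n = struct.unpack("!H", body[p + 3:p + 5])[0]
                return body[p + 5:p + 5 + n].decode("ascii")
            p += ext_len
    except (IndexError, struct.error):
        pass                                       # truncated or malformed
    return None

# Constructed vhost table; the certificate paths are placeholders.
CERTS = {"shop.example.com": "/etc/ssl/shop.pem",
         "mail.example.com": "/etc/ssl/mail.pem"}

def choose_certificate(record, default="/etc/ssl/default.pem"):
    """Pick the vhost certificate before any HTTP Host header exists."""
    return CERTS.get(extract_sni(record), default)

if __name__ == "__main__":
    for host in ("shop.example.com", "mail.example.com", "other.example.com"):
        print(host, "->", choose_certificate(client_hello_bytes(host)))
```

The host name travels unencrypted in this first handshake message, so anything on the network path can read it as well.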