Date: Thu, 11 Apr 2002 10:07:28 +1000 (EST) From: Colin Campbell <sgcccdc@citec.qld.gov.au> To: Chris Cook <ccook@tcworks.net> Cc: Baris Simsek <simsek@bimel.com.tr>, <freebsd-isp@FreeBSD.ORG> Subject: Re: VHost SSL Message-ID: <Pine.BSF.4.33.0204111004020.7674-100000@guru.citec.qld.gov.au> In-Reply-To: <3CB462E4.9A49AD38@tcworks.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Wed, 10 Apr 2002, Chris Cook wrote: > You cannot use virtual hosts with SSL, each host must have their own IP > address... Correct. That's because there's a chicken-and-egg problem. VHOSTS work by the HTTP request including a "Host:" header. The browser connects to the IP address of the web server. The web server reads the HTTP headers and discovers which VHOST is being accessed. It can then consult its config to find where all the VHOST config data is. With SSL you need to know which certificate to use to decode the HTTP header so you can find which VHOST is being accessed. Clearly this is not possible - you cannot decode the packet without knowing which VHOST's certificate to use and you can't get the certificate without decoding the packet. Just thought I'd try and explain why. Colin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0204111004020.7674-100000>