nanog mailing list archives
Re: Question regarding web hosting ip addressing
From: David Terrell <dbt () meat net>
Date: Fri, 12 Jul 2002 13:22:48 -0700
On Fri, Jul 12, 2002 at 07:17:35AM -0700, Scott Francis wrote:
On Fri, Jul 12, 2002 at 08:25:25AM -0400, kramert () mlrnoc navy mil said:Odd. I've run multiple "https:" sites on one IP. The browser will complain about the certificate but you can always have a different certificate for each site while using one IP address. (Correct me if I'm wrong!)
You're wrong. :) The SSL exchange happens before the HTTP protocol over SSL can begin, and so the server has no idea which cert to send; or more practically, just has one cert configured per (host,port). There is a defined mechanism to do HTTPS over port 80 using a mechanism called Upgrade and inband TLS. This will make it possible to do name based vhosts and encryption, because you provide a Host: header along with the Upgrade: TLS/1.0 header.
According to http://httpd.apache.org/docs/vhosts/name-based.html (thanks Gerald), name-based hosting cannot be used with SSL due to the nature of the SSL protocol.
Yep. -- David Terrell | "It is helpful to indicate in advance whether the Nebcorp Prime Minister | printers will be supporting standard A4 paper or dbt () meat net | the strange but patriotic American 8.5x11 inch http://wwn.nebcorp.com/ | paper." - draft-ymbk-termroom-op-06
Current thread:
- Question regarding web hosting ip addressing Martin Hannigan (Jul 11)
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 11)
- Message not available
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 12)
- Re[2]: Question regarding web hosting ip addressing Richard Welty (Jul 12)
- Re: Question regarding web hosting ip addressing David Terrell (Jul 12)
- Re: Question regarding web hosting ip addressing Gerald (Jul 12)
- Message not available
- Re: Question regarding web hosting ip addressing Scott Francis (Jul 11)