[49922] in North American Network Operators' Group


Re[2]: Question regarding web hosting ip addressing

daemon@ATHENA.MIT.EDU (Richard Welty)
Fri Jul 12 14:40:31 2002

Date: Fri, 12 Jul 2002 14:36:18 -0400 (EDT)
From: Richard Welty <rwelty@averillpark.net>
To: nanog@merit.edu
In-Reply-To: <20020712141735.GA61885@darkuncle.net>
Errors-To: owner-nanog-outgoing@merit.edu



On Fri, 12 Jul 2002 07:17:35 -0700 Scott Francis <darkuncle@darkuncle.net> wrote:
> > a different certificate for each site while using one IP address.
> > (Correct me if I'm wrong!)
 
> According to http://httpd.apache.org/docs/vhosts/name-based.html (thanks
> Gerald), name-based hosting cannot be used with SSL due to the nature of
> the SSL protocol.

correct. there's a specific technical problem due to the way that the https
protocol is designed; it's a chicken-and-egg problem.

specifically, name based identification of sites is based on the HTTP host
request-header field. in https, the certificates are processed before the
Host request-header is transmitted; Host is supposed to be inside the
encrypted tunnel.

a different design might have permitted name-based https identification of
virtual web sites, but they did what they did.

richard
--
Richard Welty                                         rwelty@averillpark.net
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
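
Added example, not part of the message above: a Python model of the ordering it describes, in which the server must choose a certificate from the ClientHello and socket address alone, and the Host header only arrives afterwards. The IP address, site names, certificate table and the ClientHello bytes (base fields only, no extensions) are constructed sample data and assumptions.

```python
import struct

# Constructed sample data (not a capture): one IP address, two site names.
ENDPOINT = ("192.0.2.10", 443)
CERT_BY_ENDPOINT = {ENDPOINT: "www.example.com"}  # certificate subject name

def build_client_hello():
    """Constructed TLS 1.0 ClientHello carrying only the base fields."""
    body = (b"\x03\x01" + bytes(32)        # client_version, random (zeroed)
            + b"\x00"                       # empty session_id
            + b"\x00\x04\x00\x2f\x00\x0a"   # two cipher suites
            + b"\x01\x00")                  # one compression method (null)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return every field of the ClientHello; none of them is a site name."""
    ctype, _version, rlen = struct.unpack(">B2sH", record[:5])
    handshake = record[5:5 + rlen]
    if ctype != 0x16 or handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    pos = 2 + 32                            # skip version and random
    pos += 1 + body[pos]                    # session_id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    suites = [body[i:i + 2].hex() for i in range(pos + 2, pos + 2 + cs_len, 2)]
    pos += 2 + cs_len
    pos += 1 + body[pos]                    # compression methods
    return {"version": body[:2].hex(), "cipher_suites": suites,
            "unparsed_bytes": len(body) - pos}

def select_certificate(local_endpoint, hello):
    """Handshake step: the only inputs are the socket address and the hello."""
    return CERT_BY_ENDPOINT[local_endpoint]

def host_header(request):
    """Read Host from the HTTP request, which exists only after the handshake."""
    for line in request.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode()
    return None

def serve(local_endpoint, record, request):
    cert = select_certificate(local_endpoint, parse_client_hello(record))  # first
    host = host_header(request)                                            # later
    return cert, host, cert == host

def request_for(site):
    return b"GET / HTTP/1.1\r\nHost: " + site.encode() + b"\r\n\r\n"
```

Calling serve() for www.example.org on the same endpoint returns the www.example.com certificate with a mismatch, because the name was not available when the certificate was chosen.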


