[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: add mod_ssl to apache under RH 7.2

So, would I be correct to say that one could do port-based hosting like:

and so on...

or simply have apache make the "secure" 3ld point to port 44900 on the 
IP address of name-based-host.tld, thus becoming:


which is exactly what I want?

Also, how much of a problem would there be with using 449nn unprivileged
ports with SSL?


--- Ed Wilts <ewilts ewilts org> wrote:
> On Tue, Mar 26, 2002 at 09:25:28AM -0800, Michael Oatman wrote:
> > I found somewhere that SSL does not do name-based virtual hosts.
> > 
> > If anyone has a way around this limitation, other than say,
> > https://secure.domain.tld/name-based_host/ please LMK.
> I believe that the reason it doesn't work is that the data is encrypted.
> That means that you won't ever see a workaround...  Similarly, ftp/tls won't 
> work over most firewalls since the embedded PORT commands are encrypted and the
> firewall can't figure out which port you want to open.
> -- 
> Ed Wilts, Mounds View, MN, USA
> mailto:ewilts ewilts org


--- David Talkington <dtalk prairienet org> wrote:
> Hash: SHA1
> Mike Burger wrote:
> >To my knowledge, there is no way around it.  Currently, secure certs are 
> >issued for specific IPs.  You can't really have more than one site with 
> >the same IP and expect the certs to work, properly.
> Right.  
> This snip is from misc openbsd, and is credited to Ben Laurie from the
> Apache-SSL list:
> `The issue is that the certificate presented by the server can only be
> selected on the basis of stuff that's known as soon as the socket is  
> connected (i.e. before any data exchange). The only useful information
> available is the server IP and port number, so in order to present the
> right certificate, you need a unique IP/port for each secure server.'
> - -d
> - -- 
> David Talkington

Ah.... I see....

Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards®

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]