On Tue, Feb 15, 2000 at 08:37:03PM +0300, Alex S. Burba wrote:
> Could you please tell me whether mod_ssl can work with name-based virtual hosts?
* Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical. Actually it's some sort of a chicken
and egg problem: The SSL protocol layer stays below the HTTP
protocol layer and encapsulates HTTP. When an SSL connection
(HTTPS) is established Apache/mod_ssl has to negotiate the SSL
protocol parameters with the client. For this mod_ssl has to
consult the configuration of the virtual server (for instance it
has to look for the cipher suite, the server certificate, etc.).
But in order to dispatch to the correct virtual server Apache has
to know the Host HTTP header field. For this the HTTP request
header has to be read. This cannot be done before the SSL
handshake is finished. But the information is already needed at
the SSL handshake phase. Bingo!
Alexander Prohorenko, Extra Solutions
..."You labeled me - I'll label you, so I dub the Unforgiven" --Metallica
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on http://info.east.ru/rus/inetadm.html
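The ordering problem the FAQ answer describes, as an added example that is not part of the original message or of mod_ssl: it parses a constructed ClientHello built without extensions to show that no host name is available when the certificate must be chosen, then dispatches on the Host header afterwards. The vhost names, the 192.0.2.10 address and the "first vhost on the address wins" rule are assumptions of this model.

```python
import struct

# Hypothetical vhosts sharing one IP:port, in configuration-file order.
VHOSTS = [
    {"addr": ("192.0.2.10", 443), "name": "www.example.com", "cert": "CN=www.example.com"},
    {"addr": ("192.0.2.10", 443), "name": "shop.example.com", "cert": "CN=shop.example.com"},
]

def build_client_hello(suites=(0x000A, 0x0005)):
    """Constructed sample: a minimal TLS 1.0 ClientHello with no extensions."""
    body = b"\x03\x01" + bytes(32) + b"\x00"            # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(rec):
    """Everything the server can read before it must present a certificate."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 9                                                # record header (5) + handshake header (4)
    version = (rec[p], rec[p + 1])
    p += 2 + 32                                          # skip version and random
    p += 1 + rec[p]                                      # skip session id
    n = struct.unpack("!H", rec[p:p + 2])[0]
    p += 2
    suites = [struct.unpack("!H", rec[i:i + 2])[0] for i in range(p, p + n, 2)]
    p += n
    p += 1 + rec[p]                                      # skip compression methods
    return {"version": version, "cipher_suites": suites, "bytes_left": len(rec) - p}

def cert_at_handshake(local_addr):
    """Model assumption: with no Host header yet, the first vhost on the address wins."""
    return next(v["cert"] for v in VHOSTS if v["addr"] == local_addr)

def vhost_after_handshake(local_addr, request):
    """Name-based dispatch, possible only once the HTTP request is decrypted."""
    host = next(l.split(":", 1)[1].strip() for l in request.split("\r\n")
                if l.lower().startswith("host:"))
    return next(v for v in VHOSTS if v["addr"] == local_addr and v["name"] == host)

def demo():
    addr = ("192.0.2.10", 443)
    hello = parse_client_hello(build_client_hello())     # no host name in here
    sent = cert_at_handshake(addr)                       # certificate is chosen now
    vhost = vhost_after_handshake(addr, "GET / HTTP/1.1\r\nHost: shop.example.com\r\n\r\n")
    return hello, sent, vhost["cert"]

if __name__ == "__main__":
    print(demo())
```

The certificate sent during the handshake and the certificate of the vhost that finally serves the request differ, which is the mismatch a client would see.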