Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [inet-admins] mod_ssl

On Tue, Feb 15, 2000 at 08:37:03PM +0300, Alex S. Burba wrote:
> , , mod_ssl  name-based virtual hosts  ?


* Why can't I use SSL with name-based/non-IP-based virtual hosts?
  The reason is very technical. Actually it's some sort of a chicken
  and egg problem: The SSL protocol layer stays below the HTTP
  protocol layer and encapsulates HTTP. When an SSL connection
  (HTTPS) is established Apache/mod_ssl has to negotiate the SSL
  protocol parameters with the client. For this mod_ssl has to
  consult the configuration of the virtual server (for instance it
  has to look for the cipher suite, the server certificate, etc.).
  But in order to dispatch to the correct virtual server Apache has
  to know the Host HTTP header field. For this the HTTP request
  header has to be read. This cannot be done before the SSL
  handshake is finished. But the information is already needed at
  the SSL handshake phase. Bingo!

Alexander Prohorenko, Extra Solutions
..."You labeled me - I'll label you, so I dub the Unforgiven" --Metallica
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on http://info.east.ru/rus/inetadm.html


Copyright © Lexa Software, 1996-2009.