Re: TLS, SNI, and Multiple VHosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: TLS, SNI, and Multiple VHosts
From: Eric Covener <covener@xxxxxxxxx>
Date: Sat, 18 Oct 2014 09:54:22 -0400
In-reply-to: <CAFMGiz8NSDBQk=_=tobVDyeLgFsbR0ybShwTOO4gNC-Z3jsSCw@mail.gmail.com>
Reply-to: users@xxxxxxxxxxxxxxxx

On Sat, Oct 18, 2014 at 9:50 AM, Tom Browder <tom.browder@xxxxxxxxx> wrote:

If I get a server TLS certificate for an IP address, is it true that I
can have essentially unlimited TLS VHosts using that certificate
(assuming clients are SNI-capable)?

I don't think so.

* The hostnames need to be in the certificate for the client to validate it

* SNI is only useful for N certificates, not 1 certificate that has wildcards or subjectaltnames. The latter doesn't require SNI.

References:
- TLS, SNI, and Multiple VHosts
  - From: Tom Browder

Prev by Date: TLS, SNI, and Multiple VHosts
Next by Date: Re: Apache PHP configuration
Previous by thread: TLS, SNI, and Multiple VHosts
Next by thread: C module
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]