Boyle Owen wrote:
Just to clear up some apparent confusion on this thread: I think the point everyone is missing is that an SSL-encrypted website uses a *different protocol* than plain old HTTP. Instead of thinking of SSL as some sort of add-on (like mod_perl) to a "normal" website, look carefully at the protocol part of the address - it is "https". So, at a network level, HTTPS is as distinct from HTTP as FTP or SMTP.
To correct you, the PROTOCOL remains HTTP, e.g., the https://localhost/ request sends...

    GET / HTTP/1.1
    Host: localhost

(notice, no 'https'). Yes, mod_ssl will change the scheme to https, but that's incidental.
Once you see that, you should see that obviously it needs a distinct TCP/IP socket (i.e., IP address and/or port number).
Sort of - kind of. Pure SSL, yes, must be on a different socket. The http/ssl upgrade facility (RFC 2817) provides a mechanism for clients to connect with plain text, and then switch to ssl. Granted, I'm being pedantic, since no modern client supports this. Apache 2.1-dev does, some hacks at 2.0 do, and many network print devices handle it. This has the advantage that the client sends the upgrade request with a Host: header, so that name-based, SSL vhosting becomes a possibility.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
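
The RFC 2817 upgrade discussed in the message above, seen from the server side, as an added example that is not part of the original thread and not Apache's code. It shows why the cleartext Host: header allows a per-vhost certificate to be chosen before the TLS handshake, and it answers non-upgrading clients with RFC 2817's 426 response; the vhost names, certificate paths and function names are hypothetical and the requests are constructed.

```python
# Added example. Vhost names and cert paths are hypothetical; requests are constructed.
VHOSTS = {"www.example.com": "certs/www.pem", "shop.example.com": "certs/shop.pem"}

SWITCH = (b"HTTP/1.1 101 Switching Protocols\r\n"
          b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
REQUIRE = (b"HTTP/1.1 426 Upgrade Required\r\n"
           b"Upgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n")
BAD = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

# Constructed sample requests, as they arrive in plain text on the HTTP port.
UPGRADE_REQ = (b"GET / HTTP/1.1\r\nHost: shop.example.com\r\n"
               b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n")
PLAIN_REQ = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def parse_headers(raw):
    """Return the header fields of a raw HTTP/1.1 request, names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def tokens(headers, name):
    """Split a comma-separated header value into lower-cased tokens."""
    return [t.strip().lower() for t in headers.get(name, "").split(",")]


def handle(raw):
    """Return (response, cert_path). cert_path is set only when TLS should start."""
    headers = parse_headers(raw)
    asked = ("tls/1.0" in tokens(headers, "upgrade")
             and "upgrade" in tokens(headers, "connection"))
    if not asked:
        # Policy assumed here: serve nothing in clear, demand the upgrade.
        return REQUIRE, None
    # The Host: header is readable before any handshake, so the vhost
    # (and therefore the certificate) is known when TLS begins.
    host = headers.get("host", "").split(":")[0].lower()
    cert = VHOSTS.get(host)
    if cert is None:
        return BAD, None
    return SWITCH, cert                      # caller starts TLS with this cert
```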