Tony Anecito wrote:
Hi All, I have heard a strange story about how using 1 port for Apache SSL is not a good idea for performance. I heard if you have three sites usign the same SSL port it could really slow down performance as compared to putting those sites on separate ports for SSL. Should not each site have it's own port for SSL?
---------------- End original message. --------------------- Where did you hear that?What is true is that you cannot do name-based virtual hosts on the same IP address with multiple domain names and have that work correctly (that subject comes up here all the time). Basically, you have to use a separate IP address for each domain name so that SSL negotiation serves the correct certificate for the domain. This is a limitation of the protocol that establishes SSL connections and there is really no legitimate way around how it works. (There is a way to "cheat" and use "wild card certificates" but that is considered bad practice and should not be done).
All of these IP addresses can and should run on port 443 for SSL unless you have another compelling reason to do something different. Each of these instances will be separate ports because each IP address has its own set of ports that are not shared. In other words, port 443 on IP 192.168.1.100 is not the same as port 443 on IP 10.3.67.24
Perhaps the requirement for a unique IP address is the source of the confusion?
Dragon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Venimus, Saltavimus, Bibimus (et naribus canium capti sumus) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx