Re: Re: HTTPS connexion on the port 80

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Nov 10, 2008 at 5:00 PM, David BERCOT <debian@xxxxxxxxxx> wrote:
> Le Mon, 10 Nov 2008 15:55:17 -0500,
> Dan Poirier <poirier@xxxxxxxxx> a écrit :
>> David BERCOT <debian@xxxxxxxxxx> writes:
>> > Le Mon, 10 Nov 2008 06:59:54 -0500,
>> > "Eric Covener" <covener@xxxxxxxxx> a écrit :
>> >> On Mon, Nov 10, 2008 at 2:03 AM, David BERCOT <debian@xxxxxxxxxx>
>> >> wrote:
>> >>
>> >> > Yes, but no ;-)
>> >> > I want https traffic on port 80, nor 443 !!!
>> >>
>> >> You can't do that, because the client needs to know whether to
>> >> speak http or https as soon as they send any data, and apache
>> >> won't just try to interpret it either way.
>> >
>> > But the client knows what to speak because I tell him :
>> > httpS://site3.mondomaine:80/
>>
>> Apache needs to know too.  It can't see the Host passed from the
>> client until it has already started reading the request, which it
>> can't do until it has done an SSL handshake.  How would it know
>> whether to do that or not, if port 80 is getting both SSL and non-SSL
>> connections?
>
> May be my knowledge of Apache configuration is not good, but there are
> specific directives for SSL :
>
> HTTP site :
> <VirtualHost *:80>
>        ServerName site1.mondomaine.org
>        DocumentRoot /site1
> </VirtualHost>
>
> HTTPS site :
> <VirtualHost *:80>
>        ServerName site2.mondomaine.org
>        DocumentRoot /site2
>        SSLEngine on
>        SSLCertificateFile /ssl/site2.cert
>        SSLCertificateKeyFile /ssl/site2.key
> </VirtualHost>
>
> I think that Apache knows that site1 is only HTTP and site2 is HTTPS.
> Isn't it OK ?

No, Apache has no chance to choose the 2nd vhost in time to be able to
do an SSL handshake.


-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux