El Miércoles, 21 de Enero de 2009 01:42:45 Brian Mearns escribió: > Is that right? I thought it was the opposite: most browser's supported > SNI, but Apache doesn't. Is SNI done automatically when Named Vhosts > are used, or are there additional directives required? > Well, actually most browsers had already released SNI support. However, you cannot assume that users are up to date. From http://en.wikipedia.org/wiki/Server_Name_Indication#Support: Browsers with support for TLS server name indication: Mozilla Firefox 2.0 or later Opera 8.0 or later (the TLS 1.1 protocol must be enabled) Internet Explorer 7 (Vista, not XP) or later Google Chrome Safari 3.2.1 Mac OS X 10.5.6 So, no XP with IE support, that leaves many many users out of SNI. And there are still quite a few number of users with firefox 1.5. For apache, what it really matters is the SSL library. GNUTLS had support since some time ago. Openssl since 0.9.8f can be compiled with experimental SNI support. I never tried, but to use it I suppose you just put a different certificate in each virtual host and you're done (it should be that way, I think). --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|