Re: One host, two SSL sites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



El Miércoles, 21 de Enero de 2009 01:42:45 Brian Mearns escribió:
> Is that right? I thought it was the opposite: most browser's supported
> SNI, but Apache doesn't. Is SNI done automatically when Named Vhosts
> are used, or are there additional directives required?
> 
Well, actually most browsers had already released SNI support. However, you cannot assume that users are up to date. From http://en.wikipedia.org/wiki/Server_Name_Indication#Support:
Browsers with support for TLS server name indication:
  Mozilla Firefox 2.0 or later
  Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
  Internet Explorer 7 (Vista, not XP) or later
  Google Chrome
  Safari 3.2.1 Mac OS X 10.5.6

So, no XP with IE support, that leaves many many users out of SNI. And there are still quite a few number of users with firefox 1.5.
For apache, what it really matters is the SSL library. GNUTLS had support since some time ago. Openssl since 0.9.8f can be compiled with experimental SNI support. I never tried, but to use it I suppose you just put a different certificate in each virtual host and you're done (it should be that way, I think).



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux