* Boyle Owen <Owen.Boyle@xxxxxxxxxxxxx> [2009-12-01 10:08]: > Krist explained it very nicely... But maybe you still didn't get it: > Without SNI, there is NO WAY TO DO THIS. It is a fundamental > limitation of the HTTPS protocol with no production-grade > work-around. SNI (server-name indication) was specifically added to > address this limitation. There is simply NO ALTERNATIVE. Nonsense, and shouting does not make it correct either. Use X.509v3 SubjectAltName extensions in the certs, as I (and probably others) said several times on this very list last month alone. (And of course SNI is preferable, once ubiquitious support for it is available in servers and user agents alike). -peter --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|