RE: how to get multiple SSL with name based vhost ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Peter Schober [mailto:peter.schober@xxxxxxxxxxxx] 
> Sent: Tuesday, December 01, 2009 12:40 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  how to get multiple SSL with name 
> based vhost ?
> 
> * Boyle Owen <Owen.Boyle@xxxxxxxxxxxxx> [2009-12-01 10:08]:
> > Krist explained it very nicely... But maybe you still didn't get it:
> > Without SNI, there is NO WAY TO DO THIS. It is a fundamental
> > limitation of the HTTPS protocol with no production-grade
> > work-around. SNI (server-name indication) was specifically added to
> > address this limitation. There is simply NO ALTERNATIVE.
> 
> Nonsense, and shouting does not make it correct either.
> Use X.509v3 SubjectAltName extensions in the certs, as I (and probably
> others) said several times on this very list last month alone.

<whisper>
Thanks for the reminder, peter. Oddly enough, I had a nagging suspicion
I had heard of some rather obscure alternative to SNI and now I know
where I heard it :-) But couldn't remember enough about it to find it on
Google :-( Anyway, I stand corrected. 

Sorry for afflicting your hearing - but it seemed the op wasn't getting
the point. However, at least he now has an alternative... Would you mind
helping him out with it?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

</whisper>




> (And of course SNI is preferable, once ubiquitious support for it is
> available in servers and user agents alike).
> -peter
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux