Hi there folks,
I'd like to draw you attention on this for a second:
--
2008-08-21 Alvaro Lopez Ortega <[EMAIL PROTECTED]>
* cherokee/virtual_server.c, cherokee/virtual_server.h,
cherokee/socket.c: Adds TLS SNI support to the GNUTLS backend.
* cherokee/virtual_server.c, cherokee/socket.c, cherokee/socket.h,
cherokee/downloader.c: Adds TLS SNI support to the OpenSSL
backend.
--
So, the upcoming Cherokee 0.9 release will support TLS SNI [1].
In case you have not heard about it, it's basically a TLS extension that
allows virtual servers to use their own certificates without having to
re-handshake. During the initial SSL handshake the client sends the
target host name to the server, so it can pick up the right certificate
to establish the secure communication channel.
Just as a note aside: you might need to update your OpenSSL library to
get it working. There are still quite a few OSes that ship OpenSSL
without this new feature. Do not worry if you use GNUTLS though, it has
supported SNI for quite a long time now.
Cheers!
1.- RFC 4680: TLS Handshake Message for Supplemental Data
RFC 4366: Transport Layer Security (TLS) Extensions
--
Greetings, alo
http://www.alobbs.com/
_______________________________________________
Cherokee mailing list
[email protected]
http://lists.octality.com/listinfo/cherokee
