Stefan de Konink wrote: > Michiel van Es schreef: >> I also see you can choose to run every virtual server (host match) with >> an ip-adress, and then fill in the certificate for every virtual host? >> Do I really have to run 3 cherokee servers with own their resources >> being used? > > Yes, because at the time a request arrives there. The certificate > exchange already has taken place. So that means the client needs SNI. A > client not having SNI is the only reason why you want to IP space. >
Just out of curiousity: If I get it right, SSL virtual hosting in Cherokee is only available if: - You use a really recent OpenSSL version (self compiled or the latest or use Fedora/FreeBSD - most known Linux distro's won't have the OpenSSL with SNI build in). - Your clients have to use at least Vista or a recent Firefox (most big organizations still use Windows 2000/XP and IE 7 but not the Vista IE 7 of even Windows 7) I heard a couple of months a go that it would be perhaps possible to implement the 'old' version of virtual hosts with unique ip-adresses and use their own SSL certs/keys. Or at least cherokee project was thinking about offering the old SSL virtual hosting. Is this still going to be implemented or is cherokee the only webserver forcing users to use SNI or run multiple cherokee instances (what is waste of resources) ? If I get it wrong, then please correct me but to my knowledge million users are using one of the big famous Linux distro's and are not being able to fully use cherokee with the default OpenSSL and settings they installed from the system ? (let's not forget about the millions of people working at banks or financial companies not being able to use windows vista or firefox 2/3.* because their company policy are not allowing them to use something different then Windows 2000/XP and IE 6/7. Just my 0,02 $ regarding SSL and virtual hosting and the latest OpenSSL techniques ;) I just want to run old style SSL with uniq ip-adresses, is it going possible with cherokee version * and the default OpenSSL version provided by the package management and running 1 cherokee version or am I force to use 3 cherokee's or upgrade my OpenSSL version manually with source tarballs? Kind Regards, Michiel > > Stefan _______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
