Eddy Nigg wrote:
Trying the different sub domain trick doesn't work on the same server
but different host and IP.
Let me phrase this explicitly :
- You use only one Apache instance
Correct.
- You configured two virtual hosts inside that instance
- either each virtual host listens on a different IP
Correct.
We'll it may be so, but it'd be a little surprising.
It requires two "bug/feature" I think :
- a server that allows reusing the same SSL ID on a different virtual
host. I can see how it could happen that the SSL ID pool is actually
shared between all virtual servers, but it's still not very clean.
In any case it didn't solved the renegotiation. Either the NSS
implementation is broken or mod_ssl does something surprising. Now, NSS
works great with itself (as mod_nss and client), but what about the rest...
- a client that tries to reuse the SSL ID if the request goes to the a
different host inside the same subdomain. Now that's harder to think
of it as anything else than a quite ugly bug, but we'd have to live
with it if it's the case
That would be the even bigger surprise.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
