> I have virtual hosts on several ports besides 80. It's simply an artifact
> of the SSL protocol (SSL is negotiated BEFORE he host header comes
through),
> so as a result, you need some way for the server to tell which SSL cert is
> appropriate. That method is based on the IP.
Actually it might seem annoying at first, but very useful OTOH. Https is an
http "stream" through an encrypted channel. If you use https, even your
URL-s are encrypted. This is very important, as one might chose to send
to-be-secured data put in the URL. OR, you might want to keep secret that
your admin page is at monkey.whatever.com, so others don't even know where
to try hacking into your system. When there's an https request generated,
first the secured tunnel is built up - just like a regular TCP connection -
and only after that is when your client starts to send the request data.
Regards,
- Cs.
