On Friday 03 March 2006 01:41, Tony Finch wrote:
> On Fri, 3 Mar 2006, Jesus Cea wrote:
> > In current TLS, client gives the host it is trying to connect, BEFORE
> > negotiating crypto. So if you are using a modern webserver and a modern
> > browser, you can share the IP.
> >
> > I just don't remember if this feature is present in TLS 1.0 or in the
> > current draft for next revision.
>
> This is an RFC 3546 extension to TLS 1.0 - the "server name indication".
> It appears that this is not supported by OpenSSL but it is by GnuTLS.
> "Modern browser" in this situation means released within the last few
> months.
Hmm, there shouldn't be a need to introduce server names into TLS, which is technically supposed to exist independently of TCP/IP. IMO, a better way would be to use RFC 2817, which allows upgrading a plaintext HTTP connection to TLS dynamically. It works essentially the same way as XMPP's "starttls". Sadly, no one actually uses this great spec.

-Justin
