"Michael T. Babcock" wrote:
> If one were to use an http accelerator (like squid, for example) to
> redirect hits to an outside IP address and have each domain rewritten to
> an internal IP address, then serve the SSL pages off of those individual
> private IPs, would it work?

I am assuming that a redirector is just some kind of packet-inspecting
smart switch. In that case:

How does the redirector know which internal IP address to use? It better
not have to look at the ServerName because it doesn't know it yet!

Look at it this way: A packet comes along with the external IP address
and port 443 written on the envelope. Inside is a request to start an
SSL transaction. There is no mention of the ServerName or indeed of any
HTTP level information. The whole SSL key-exchange rigmarole has to
proceed *before* any HTTP information is transferred (otherwise some of
the HTTP info would be unencrypted).

However, if you have some clever way of establishing the SSL session
with the *redirector*, then you might get around it but I've never heard
of anything like that and so can't comment on it.

Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
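
An added illustration, not part of the original message or of mod_ssl: what a packet-inspecting front end can read from the first bytes of a connection on port 80 versus port 443. The function names, the sample hostname and the byte strings are constructed for this example, and the ClientHello is assumed to be an extension-less TLS 1.0 hello, matching the handshake described above.

```python
# Added illustration; all byte strings below are constructed samples.
import struct

def build_client_hello() -> bytes:
    """Constructed TLS 1.0 ClientHello with no extensions (assumption)."""
    body = (
        b"\x03\x01"            # client_version: TLS 1.0
        + bytes(32)            # random (zeroed for the sample)
        + b"\x00"              # session_id length 0
        + b"\x00\x02\x00\x2f"  # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
        + b"\x01\x00"          # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) + 3-byte length.
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    # Record header: type 0x16 (handshake), version 3.1, 2-byte length.
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def routing_hint(first_bytes: bytes):
    """Return (protocol, hostname-or-None) as visible to a front end
    that inspects the first bytes of a new connection."""
    # TLS record type 0x16, major version 3, handshake type 1 at offset 5.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        # An extension-less hello holds version, random, session id,
        # cipher suites and compression methods: no virtual host name.
        return ("tls-client-hello", None)
    # Otherwise treat the bytes as plaintext HTTP and read the Host header.
    head = first_bytes.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return ("http", value.strip().decode("ascii"))
    return ("unknown", None)

# Constructed plaintext request, as seen on port 80.
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"

if __name__ == "__main__":
    print(routing_hint(PLAIN_HTTP))            # Host header is readable
    print(routing_hint(build_client_hello()))  # nothing to route on
```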