Dariusz PAWLAK wrote:
> hi!
> How can I switch on SSL for named virtual hosts in Apache?
> best regards drAGO
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
Why can't I use SSL with name-based/non-IP-based virtual hosts? [L]
The reason is very technical. Actually it's
some sort of a chicken and egg
problem: The SSL protocol layer stays below the
HTTP protocol layer and
encapsulates HTTP. When an SSL connection
(HTTPS) is established
Apache/mod_ssl has to negotiate the SSL
protocol parameters with the client.
For this mod_ssl has to consult the
configuration of the virtual server (for
instance it has to look for the cipher suite,
the server certificate, etc.).
But in order to dispatch to the correct virtual
server Apache has to know the
Host HTTP header field. For this the HTTP
request header has to be read. This
cannot be done before the SSL handshake is
finished. But the information is
already needed at the SSL handshake phase.
Bingo!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
