> It may seem that at present it's a bit of a moot point since you can't have
> multiple SSL sites on a single IP

This is not true if you run HTTPS on another port.  In our world, this was
the initial problem.  We have a main web site that has HTTPS for
registration and login.  After the login, we redirect to another web
application (currently on the same computer) using HTTPS but with a
different port number.  This worked fine on all browsers except AOL's, which
apparently decided to be slower, increase the congestion on the net and
increase consumption of DNS resources, just so they could do a confirmation
that is not even semantically correct (hell, a digital cert is assigned to a
host name, not an IP address), and if they don't believe the first DNS
lookup had the correct answer about which IP address belonged to the host
name, why do they trust the second DNS lookup to be correct for the reverse
lookup?

David

P.S. And yes, there's a backend handshake between the two web apps to ensure
that the redirected user really did log in through the first site <smile>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
