Re: Can't have SSL with multiple domain names on a single server...

Mon, 21 Feb 2000 02:09:31 -0800 

I was thinking of a simple site architecture that might apply to a wide
range of web sites:

- the first page is plain HTTP,
- it contains links to HTTPS URL specifying the IP address,
- the SSL server can assume that the client is using the IP address as the
server name.

Note: it works with CNAME's multi-homed servers.

Nicolas Roumiantzeff.

-----Message d'origine-----
De : Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>
� : [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date : lundi 21 f�vrier 2000 10:28
Objet : Re: Can't have SSL with multiple domain names on a single server...


>From: "Nicolas Roumiantzeff" <[EMAIL PROTECTED]>
>Subject: Re: Can't have SSL with multiple domain names on a single
server...
>Date: Mon, 21 Feb 2000 09:33:21 +0100
>Message-ID: <002001bf7c46$4fc48f60$[EMAIL PROTECTED]>
>
>nicolasr> >Nope, the host name is strictly part of the HTTP headers, and
not
>nicolasr> >available until after the SSL connection has been made.
>nicolasr>
>nicolasr>
>nicolasr> The IP address is available though. You could do a reverse
>nicolasr> DNS lookup to get the server name.
>
>That doesn't help if the multiple domain web sites are implemented
>through CNAMEs, which is common practice these days with all the
>current common restrictions on the use of IP addresses.
>
>nicolasr> But you would have to gess if the user uses  an URL with the
>nicolasr> server name or with the IP address directly.
>
>At the SSL level, you have to do that anyway, since all you have is
>the peer address that you do a reverse lookup on...
>
>--
>Richard Levitte   \ Spannv�gen 38, II \ [EMAIL PROTECTED]
>Redakteur@Stacken  \ S-161 43  BROMMA  \ T: +46-8-26 52 47
>                    \      SWEDEN       \ or +46-708-26 53 44
>Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
>
>Unsolicited commercial email is subject to an archival fee of $400.
>See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to