[EMAIL PROTECTED] wrote:
>
> People wrote
>
> >> It would be really nice to take advantage of Apache's multiple virtual
> >> domain capability in conjunction with SSL and have a certificate that
> >> didn't cause a 'Certificate Name Check' dialog to pop up on every
> >> connection for domains other than the one in the certificate.
> >
> > snip
> >
> >>
> >> Anyone have a solution to this? Think there will be one?
>
> >No. It's an inherent limitation of the SSL/TLS protocol.
>
> No - it is a limitation of the current usage of http over SSL, where the
> SSL negotiation happens before the Host: header. It is a general problem
> inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify
> meant that the protocol got broken, rather than integrating SSL into the
> protocol itself.
>
> See draft-ietf-tls-http-upgrade-05.txt to see how this can be fixed.

This is, of course, true, but doesn't really get us anywhere, since no
browser supports it.

Cheers,

Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
Y19100 no-prize winner!
http://www.ntk.net/index.cgi?back=2000/now0121.txt
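The ordering problem discussed in this thread, as an added example that is not part of the original messages: with HTTPS on its own port the certificate is chosen before any Host: header exists, whereas in the HTTP Upgrade approach of the cited draft (later published as RFC 2817) the Host: header arrives in cleartext first. The hostnames, the certificate set and the sample request are constructed, and the function names are hypothetical.

```python
# Added illustration. Hostnames and the sample request are constructed.
VHOST_CERTS = {"www.example.com", "shop.example.net"}  # names we hold certificates for
DEFAULT_CERT = "www.example.com"  # the only choice when just IP:port is known

# Constructed cleartext request asking to switch to TLS on the same connection.
SAMPLE = (b"OPTIONS * HTTP/1.1\r\n"
          b"Host: shop.example.net\r\n"
          b"Upgrade: TLS/1.0\r\n"
          b"Connection: Upgrade\r\n\r\n")

def parse_headers(raw):
    """Return a dict of lower-cased header names from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def tokens(value):
    """Split a comma-separated header value into a set of lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def cert_for_implicit_tls():
    """https:// on its own port: the handshake runs before any Host header exists."""
    return DEFAULT_CERT

def cert_after_upgrade(raw):
    """Upgrade flow: Host is read in cleartext first, so the matching cert can be chosen.
    Returns None (refuse the upgrade) rather than falling back to a mismatched cert."""
    h = parse_headers(raw)
    if "tls/1.0" not in tokens(h.get("upgrade", "")):
        return None
    if "upgrade" not in tokens(h.get("connection", "")):
        return None
    host = h.get("host", "").partition(":")[0].lower()  # drop an optional :port
    return host if host in VHOST_CERTS else None

def name_check_passes(cert_name, requested_host):
    """The client-side name check; a failure is what raises the dialog (exact match only)."""
    return cert_name is not None and cert_name == requested_host.lower()

if __name__ == "__main__":
    for label, cert in (("implicit TLS", cert_for_implicit_tls()),
                        ("Upgrade: TLS/1.0", cert_after_upgrade(SAMPLE))):
        print(label, "->", cert, "| name check ok:", name_check_passes(cert, "shop.example.net"))
```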