Ben Laurie wrote:
> > No - it is a limitation of the current usage of http over SSL, where the
> > SSL negotiation happens before the Host: header. It is a general problem
> > inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify
> > meant that the protocol got broken, rather than integrating SSL into the
> > protocol itself.
> >
> > See draft-ietf-tls-http-upgrade-05.txt to see how this can be fixed.
>
> This is, of course, true, but doesn't really get us anywhere, since no
> browser supports it.
Get to work. Add support for it in Mozilla. Microsoft will follow.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
