On Mon, Jun 22, 2009 at 12:46:46PM -0400, Dave Steinberg wrote:
> Matti Aarnio wrote:
> >The Pound proxy web page says that "one can not do named virtual hosts
> >on HTTPS, because the protocol does not support it".   This used to
> >be true, but the necessary specification got ratified as a standards track
> >RFC in August 2006.  Apparently it is not well known...
> >
> >RFC 4366 defines an extension mechanism for TLS, and a few extensions.
> >One of those is "Server Name Indication", whereby the TLS client tells
> >the TLS server which virtual server subsystem it is interested in.
> 
> Any idea what the browser support is like?  I was under the impression 
> that this wasn't really worth implementing yet because browser support 
> made it a nonstarter.  But maybe that's changed?

I found the following documents enlightening in this regard:

  https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf
  http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Lack of browser support may or may not be important; TLS clients also exist
in machine-to-machine applications.  And for that matter:  I can hear browser
developers thinking that ignoring this feature is a good choice because there
are no servers offering it...   (Just that Microsoft chooses not to implement
it on all of their browser lines is a great way to limit the number of clients..)

> Regards,
> -- 
> Dave Steinberg
> http://www.geekisp.com/
> http://www.steinbergcomputing.com/

Best Regards,  Matti Aarnio
