On Sat, 2002-09-28 at 11:21, John Ferlito wrote:
> It's not possible. The problem is that Apache cannot work out what key
> to use, i.e. in normal port 80 HTTP the client connects to the webserver
> and does the following:
>
> GET / HTTP/1.1
> Host: www.slug.org.au
>
> The Host: header tells Apache which virtual host to use, i.e. via the ServerName
> and ServerAlias directives.
Yes, there is a solution, though it's not in widespread use. There's an RFC on it (sorry, I forget the number - search for TLS and HTTP/1.1):

    GET / HTTP/1.1
    Host: www.slug.org.au
    Connection: Upgrade
    Upgrade: TLS/1.0

    HTTP/1.1 101 Switching Protocols
    Upgrade: TLS/1.0

    TLS data starts here - and the server knows the Host name.

> I've been thinking of how feasible it would be to write some sort of
> Apache patch that just tries to decrypt the connection with all the keys
> until it gets a valid decryption, but I'm sure this wouldn't scale very
> well :)

AFAIK, this won't work at all, because the encryption secret is generated per-connection, using the SSL keys for identification alone.

Rob
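The mechanism Rob describes is the HTTP Upgrade to TLS of RFC 2817. The following added example (mine, not code from this thread or from Apache) shows the server-side decision it enables: read the cleartext Host header, choose the virtual host's certificate, and only then answer 101 so the TLS handshake can begin with the right key. The vhost table, certificate paths and request bytes are constructed placeholders.

```python
# Added example, not code from the thread; vhost names and cert paths are made up.
# Constructed vhost table: host -> (certificate path, TLS required?).
VHOSTS = {
    "www.slug.org.au": ("/etc/ssl/slug.pem", True),
    "www.example.org": ("/etc/ssl/example.pem", False),
}

UPGRADE_101 = (b"HTTP/1.1 101 Switching Protocols\r\n"
               b"Connection: Upgrade\r\nUpgrade: TLS/1.0\r\n\r\n")
# RFC 2817 also defines 426 for servers that insist on TLS for a resource.
UPGRADE_426 = (b"HTTP/1.1 426 Upgrade Required\r\n"
               b"Connection: Upgrade\r\nUpgrade: TLS/1.0\r\n\r\n")
BAD_REQUEST = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

def parse_request(raw: bytes):
    """Split the request head into (request line, {lowercased name: value})."""
    lines = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def _tokens(value: str):
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def wants_tls_upgrade(headers) -> bool:
    """True only when Connection lists 'Upgrade' and Upgrade lists 'TLS/1.0'."""
    return ("upgrade" in _tokens(headers.get("connection", ""))
            and "tls/1.0" in _tokens(headers.get("upgrade", "")))

def select_vhost(raw: bytes):
    """Return (cert path or None, head to send in the clear, or None to serve).
    Host is readable before any TLS record, so the server commits to the
    matching certificate here; after the 101, the next bytes are TLS."""
    _, headers = parse_request(raw)
    host = headers.get("host", "").split(":")[0].strip().lower()
    if host not in VHOSTS:
        return None, BAD_REQUEST
    cert, require_tls = VHOSTS[host]
    if wants_tls_upgrade(headers):
        return cert, UPGRADE_101
    if require_tls:
        return cert, UPGRADE_426
    return cert, None  # plain HTTP is acceptable for this vhost

# Constructed client request matching the one quoted in the thread.
REQUEST = (b"GET / HTTP/1.1\r\nHost: www.slug.org.au\r\n"
           b"Connection: Upgrade\r\nUpgrade: TLS/1.0\r\n\r\n")
```

Note that the Host name and the fact that an upgrade was requested cross the wire unencrypted; that is what lets the server pick a key before the handshake, and it is also why this information is visible to anyone on the path.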
