[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL cert per virtual host.
On Wed, 20 Mar 2002 15:26:54 +0100 Vazquez Javier <firstname.lastname@example.org> wrote:
> AFAIK it's the name that counts and not the IP. So I would say you can
> use different certs on the same ip and all on port 443.
the SSL handshaking is done before the Host header is transmitted, so the
web server can't know which certificate to use until after all the SSL
stuff is already done. it's a chicken and egg problem, and a design flaw in
HTTP of SSL.
Rescorla's book on SSL and TLS talks about this exact problem in
section 9.17. supposedly, fixing this is on the list of things that might
get done in TLSv2, when-and-if that ever happens.
Richard Welty email@example.com
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security