[Gllug] Public IPs - When are they appropriate
Simon Wilcox
simonw at simonwilcox.co.uk
Thu Nov 15 13:56:57 UTC 2001
On 15 Nov 2001, Xander D Harkness wrote:
> One of the requirements for multiple IPs per machine at present is SSL.
> Apache does not at present support Virtual hosting for SSL by name, only
> by IP address. Though I do not know if there are any plans to change
> this in the near future.
It's not a limitation of Apache but rather the protocol.
SSL encrypts the entire request, including the HTTP header. Before the
server can decrypt the request it needs to get configuration details and
keys from the virtual host but it can't know which one to look at because
the HTTP Host header is encrypted !
Which is why only IP based virtual hosting works as you have an external
reference to use for the lookup.
IPv6 is supposed to fix the encryption side of things and there's
supposedly a revised SSL spec on the way to resolve it but neither will be
much use until the browser authors adopt the standard. And we all know who
the main culprit is there... ;-)
There's more info on the mod_ssl site
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
Simon.
--
"Unix is like a Vorlon - strange, powerful, terse, cryptic, and there's a
lot of stuff going on the the background you don't understand."
- Jerakeen on #london.pm
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list