[WBEL-users] Apache SSL and virtualhost
Kirby C. Bohling
kbohling@birddog.com
Wed, 8 Dec 2004 16:11:02 -0600
On Wed, Dec 08, 2004 at 04:46:24PM -0500, John Hinton wrote:
> Did I read on here somewhere that you must now have an individual IP for
> every SSL virtualhost? Seems I keep running in circles adding a second
> SSL domain. :(
>
> I checked the archives, but couldn't seem to find the post. Sure would be
> nice if those archives were searchable. Complain, complain, complain. LOL!
Yes, you did remember that correctly. The person who, if I remember
correctly, explained it best was Johnny Hughes. Essentially, if I
remember the problem correctly, it is a chicken and the egg problem.
http://httpd.apache.org/docs/vhosts/name-based.html
Search for SSL on that page, it flatly states the limitation as a
fact.
Roughly, the key exchange has to be chosen before the SSL session
can begin. The name of the host won't be sent until the SSL session
has started. If I remember correctly, someone gave a lucid
explanation of why TLS would have let it work, but HTTP doesn't use
TLS.
Thanks,
Kirby
PS: Google is your friend, I found the e-mail I was thinking of
right here. If you add "WBEL", in my experience the e-mail lists
come up fairly often.
http://www.google.com/search?hl=en&q=WBEL+SSL+Virtual+Host&btnG=Google+Search
You can even use "I'm feeling lucky" on that one.
http://beau.org/pipermail/whitebox-users/2004-September/003663.html
If I remember correctly, an unofficial archive is kept at gmame or
some similar name that archives a lot of lists, and they are very
searchable there. I just always use google. If you include
"site:beau.org", you'll be searching the mailing list entries that
Google has indexed.
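
The layout the reply above implies, as an added example that is not part of the original post: one IP address per SSL virtual host, with plain HTTP still name-based on a shared address. The addresses (RFC 5737 documentation range), host names and file paths are constructed, and the syntax assumes an Apache 2.0-era httpd with mod_ssl loaded.

```apache
# Constructed example: addresses, names and paths are placeholders.
Listen 80
Listen 443

# --- SSL: one IP address per site -----------------------------------
# The certificate is chosen when the connection is accepted, before any
# HTTP request (and its Host: header) has been read, so the destination
# IP address is the only thing that can select the virtual host.

<VirtualHost 192.0.2.10:443>
    ServerName   www.example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key
</VirtualHost>

# Second SSL domain: second address, second certificate and key.
<VirtualHost 192.0.2.11:443>
    ServerName   www.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.org.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.org.key
</VirtualHost>

# --- Plain HTTP: name-based hosting still works on one address ------
# Here the Host: header arrives in the clear with the first request,
# so both sites can share 192.0.2.10.

NameVirtualHost 192.0.2.10:80

<VirtualHost 192.0.2.10:80>
    ServerName   www.example.com
    DocumentRoot /var/www/example.com
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName   www.example.org
    DocumentRoot /var/www/example.org
</VirtualHost>
```

If both SSL blocks were bound to the same address and port instead, the server would present the first block's certificate for either name, and browsers visiting the second site would report a certificate name mismatch.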