[WBEL-users] Apache SSL and virtualhost

Kirby C. Bohling kbohling@birddog.com
Wed, 8 Dec 2004 16:11:02 -0600


On Wed, Dec 08, 2004 at 04:46:24PM -0500, John Hinton wrote:
> Did I read on here somewhere that you must now have an individual IP for 
> every SSL virtualhost? Seems I keep running in circles adding a second 
> SSL domain. :(
> 
> I checked the archives, but couldn't seem to find the post. Sure would be 
> nice if those archives were searchable. Complain, complain, complain. LOL!

Yes, you did remember that correctly.  The person who, if I remember
correctly, explained it best was Johnny Hughes.  Essentially, if I
remember the problem correctly, it is a chicken and the egg problem.

http://httpd.apache.org/docs/vhosts/name-based.html

Search for SSL on that page, it flatly states the limitation as a
fact.

Roughly, the key exchange has to be chosen before the SSL session
can begin.  The name of the host won't be sent until the SSL session
has started.  If I remember correctly, someone gave a lucid
explanation of why TLS would have let it work, but HTTP doesn't use
TLS.


	Thanks,
		Kirby

PS:  Google is your friend, I found the e-mail I was thinking of
right here.  If you add "WBEL", in my experience the e-mail lists
come up fairly often.

http://www.google.com/search?hl=en&q=WBEL+SSL+Virtual+Host&btnG=Google+Search

You can even use "I'm feeling lucky" on that one.

http://beau.org/pipermail/whitebox-users/2004-September/003663.html

If I remember correctly, an unofficial archive is kept at gmame or
some similar name that archives a lot of lists, and they are very
searchable there.  I just always use Google.  If you include
"site:beau.org", you'll be searching the mailing list entries that
Google has indexed.
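
The one-IP-per-SSL-virtual-host layout this thread describes, as an added example that is not part of the original post. The addresses (192.0.2.x), host names and file paths are constructed placeholders.

```apache
# Added example; every address, host name and path below is a placeholder.

# Layout that runs in circles: two name-based SSL hosts sharing one address.
# The server has to present a certificate before it can read the Host: header,
# so every connection to 192.0.2.10:443 is answered with the FIRST vhost's
# certificate, and clients asking for the second name see a name mismatch.
#
# <VirtualHost 192.0.2.10:443>
#     ServerName www.example.com
#     SSLCertificateFile /path/to/www.example.com.crt
# </VirtualHost>
# <VirtualHost 192.0.2.10:443>
#     ServerName shop.example.net
#     SSLCertificateFile /path/to/shop.example.net.crt   # never presented
# </VirtualHost>

# IP-based layout: one address per certificate. The destination address of the
# connection is known before the handshake, so it can select the certificate.
# (mod_ssl's stock ssl.conf usually carries "Listen 443" already; keep only one.)
Listen 443

<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot /var/www/www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/www.example.com.crt
    SSLCertificateKeyFile /path/to/www.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName shop.example.net
    DocumentRoot /var/www/shop.example.net
    SSLEngine on
    SSLCertificateFile    /path/to/shop.example.net.crt
    SSLCertificateKeyFile /path/to/shop.example.net.key
</VirtualHost>
```

Each address must also be bound to the machine and each name's DNS record must point at its own address; `openssl s_client -connect 192.0.2.11:443` shows which certificate a given address presents.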