Sunder <[EMAIL PROTECTED]> writes: > The worst trouble I've had with https is that you have no way to use host > header names to differentiate between sites that require different SSL > certificates. > > i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and > have individual ssl certs for https. :( This is because the cert is > exchanged before the http 1.1 layer can say "I want www.bar.com" > > So you need to waste IP's for this. Since the browser standards are > already in place, it's unlikely to be to find a workaround. i.e. be able > to switch to a different virtual host after you've established the ssl > session. :( This is being fixed. See draft-ietf-tls-extensions-06.txt
-Ekr -- [Eric Rescorla [EMAIL PROTECTED] http://www.rtfm.com/