On Sun, Sep 27, 1998, Olivier Mueller wrote:
> > 1. Make sure your virtual hosts are IP-based
> > (see http://www.engelschall.com/sw/mod_ssl/docs/manual21b.html#FAQ-vhosts
> > for the reason)
>
> Ok. I understand that it doesn't work now. But will it work later, wit
> newer versions of Apache/mod_ssl/SSLeay ?
No, I already though long about this chicken and egg problem last week and
whether it would be possible do some read-ahead tricks, etc. But such tricks
cannot work, because after the initial SSL handshake is done the SSL `Change
CipherSpec' messages are sent and all subsequent transfers already use this
new cipher. So one _cannot_ do e.g. a 2KB read-ahead on the socket or other
tricks. So, IMO it's _impossible_ to provide Name-based virtual hosting with
with HTTPS. At least the way Apache virtual hosting works. So, don't expect
newer versions of Apache/mod_ssl/SSLeay will provide this.
> > 2. Copy your <VirtualHost> sections and
> > - replace `..:80>' with `..:443>'
> > - Add `SSLEnable' and `SSLCertificatePath', etc.
> > to the new sections (see the httpd.conf-dist
> > file for hints which directives you should use)
> > 3. Add `SSLDisable' to the old <VirtualHost>
> > sections or at least the main server (outside
> > any <VirtualHost> sections)
>
> Thanks a lot, it works nicely. I suggest you put this question and the
> answer in your faq.
I'll do. Thanks for the hint.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
