Re: modssl + http-1.1 works?

Sun, 22 Apr 2001 07:17:41 -0700 

> 
> Could anyone please explain what is namebased and what is IP based?  What
> are the differences and how they work for SSL connections handling?
> Can I use the following declaration for Virtual Host declaration with
> modSSL? I am having problems with IE Browsers ONLY while connecting from
> dial-up connections. I want to know whether this is any reason for that.!

I can't help much with the MSIE problem, but here's name-based vs. IP based:

IP-based is where each VHost has it's own IP address, name-based is where
many VHosts share a single IP address.  HTTP/1.0 only supported IP based,
due to the connection protocol:

% telnet one.fish.com 80
Connected to 1.2.3.4
GET /index.html HTTP/1.0

<server responds with /index.html for one.fish.com>

% telnet two.fish.com 80        # (assume one.fish and two.fish not same IP)
Connected to 1.2.3.5
GET /index.html HTTP/1.0
 
<server responds with /index.html for two.fish.com>
  

With HTTP/1.1, a new request header (Host) was added, which is always
transmitted from browser to server, and which *may* be interpreted by
the server (it *is*, if name-based hosting is used, and not if not).

% telnet one.fish.com 80
Connected to 1.2.3.4
GET /index.html HTTP/1.1
Host: one.fish.com

<server responds with /index.html for one.fish.com>

% telnet two.fish.com 80        # (assume one.fish and two.fish *same* IP)
Connected to 1.2.3.4
GET /index.html HTTP/1.1
Host: two.fish.com

<server responds with /index.html for two.fish.com>


With SSL, the connection is established *first* based on IP address, and once
the connection is made, the HTTP/1.x communication occurs.  You can't use
name-based VHosting and SSL, because the connection is made to an IP address,
the SSL communication is made based on the sertificate associated with the
host-name associated with that address - and you can't "switch" names once
the communication has started.

-Dan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to