Hi Matt, Thanks for the reply.
I can't have as many instances of httpd running as there are number of sites, so I've to figure out a way to do it using single instance of httpd running (I'm not bothered about the forks performed by apache itself). I think I've found a solution to this by patching ssl_io_filter_connect() function in ssl_engine_io.c. Before mod_ssl tries to make a connection with OpenSSL (either SSL_connect, or SSL_accept), I make a call to SSL_set_cipher_list() to set cutomized cipher list. This way, just before connection takes place, I've customized cipher-suite in place. Regards, -Sourabh --- Matt Stevenson <[EMAIL PROTECTED]> wrote: > AFAIK this is not possible with a virtual host. > However there is no reason you can't run each > virtual > host as it's own server (split off into own config, > use the -f and -d options). It really depends on the > your load and flexibility requirements. Currently > some > servers I manage have 50+ apache servers. While not > the best for memory and efficency, the flexibility > is > good. > > Regards > Matt > > --- Sourabh Bhandari <[EMAIL PROTECTED]> > wrote: > > > Hi, > > > > I've Apache running as reverse proxy on Linux with > > SSL > > (mod_ssl). > > > > There are multiple sites behind the Apache. > > > > There are cases when cipher-suite or certificate > for > > a > > site has to be changed. In that case Apache is > > restarted to take changes in account. > > > > This results in disconnection of all the connected > > users (whether they are connected for site for > which > > changes are done or for the sie for which nothing > > has > > been changed). > > > > Is there a way I can modify cipher-suite or > > certificate so that I dont need to restart the > > Apache > > and all the users session stay valid and working. > (I > > wont mind if users connected to site for which > > changes > > are made get disconnected). > > > > Thanks in advance, > > > > -Sourabh > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > > protection around > > http://mail.yahoo.com > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) > > > www.modssl.org > > User Support Mailing List > > [email protected] > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > ____________________________________________________ > > Yahoo! Sports > Rekindle the Rivalries. Sign up for Fantasy Football > > http://football.fantasysports.yahoo.com > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > [email protected] > Automated List Manager > [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
