On Wednesday 01 June 2005 19:01, Gervase Markham wrote:
> Duane wrote:
> > This is especially important for web related uses
> > as you could also send the hostname you wanted to connect to before
> > doing the handshaking, which means if a server has 50 certificates to
> > choose from, and you send a specific hostname it can try and match that
> > and send you the right certificate, rather than sending a certificate
> > which is currently the case. Due to being able to reuse ports it was
> > also supposed to serve the (perceived) purpose of reducing the number of
> > IPs needed by web hosting companies for encrypted websites.
>
> As I understand it, this ability (vhosting) is part of SSL 3 as well...

That was my thought also. And what's more, Ben posted on my blog at
https://www.financialcryptography.com/mt/archives/000463.html
a week back that Apache 2.1 supports TLS upgrade -

http://httpd.apache.org/docs-2.1/mod/mod_ssl.html#sslengine

"New in Apache 2.1, SSLEngine can be set to optional. This enables
support for RFC 2817, Upgrading to TLS Within HTTP/1.1. At this time
no web browsers support RFC 2817."

The only thing I've ever run into in "the wild" that actually does
TLS upgrade as a client is CUPS.

Posted by: Ben at May 21, 2005 03:22 PM

Sounds very cool and desirable, but it also sounds different to
vhosts support.

iang
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
