Yes, you're right. Apache included server name indication support in the release 2.2.12.
Hecber
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Victor B. Wagner
Sent: Monday, November 16, 2009 3:50 PM
To: [email protected]
Subject: Re: RE: how to merge multiple public domain certs into one file?
On 2009.11.15 at 21:01:13 -0500, H??cber C??rdova wrote:
> Hi *,
>
> Certainly you can configure Apache to use virtualHosts based on domain names,
> and this works perfect with HTTP (1.1). However, this cannot be achieved using
> SSL, and the answer is simple, the SSL is established using the server IP, and
> during the SSL negotiation (handshake), there is no mention to
> servername/domain, the server certificate/private keys are used during the
> negotiation, and Apache needs to know what certificate is going to use (and

Since 0.9.8f OpenSSL supports SNI (server name indication) TLS
extension. Support of this extension in mod_ssl has been discussed on
[email protected] for years, and even if it hasn't yet got into
release, you definitely can find patches in the apache bugzilla.
So, it is theoretically possible for Apache to know name of virtual host
on the stage of TLS handshake. But only if browser supports this
extension (it seems that all modern browsers do).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
