On 06/10/2014 10:41 AM, Stephan Seitz wrote: >> In the end, I ended up with TWO <VirtualHost> blocks in the Apache >> config after all. All works now, as long as you remember to add >> "NameVirtualHost *:443"! >> >> For reference, the following is my full Apache config for HTTPS on >> keyserver.zap.org.au: > > Since some clients don't use SNI, I'ld swap the entries so the hkps-pool > entry serves first as default. That way, without SNI capability the > hkps-pool certificate is offered.
I believe that SNI is considered mandatory for HKPS.
If you're talking about web browsers for people manually looking at the
sites, then we're talking about only (a) older android clients or (b)
IE and safari on Windows XP. I'm not sure how important those are, or
whether it's worthwhile to bother with any changes on their behalf.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
