Tony Anecito wrote:
Hi All,

I have heard a strange story about how using 1 port
for Apache SSL is not a good idea for performance. I
heard if you have three sites using the same SSL port
it could really slow down performance as compared to
putting those sites on separate ports for SSL.

Should not each site have its own port for SSL?
---------------- End original message. ---------------------

Where did you hear that?

What is true is that you cannot do name-based virtual hosts on the same IP address with multiple domain names and have that work correctly (that subject comes up here all the time). Basically, you have to use a separate IP address for each domain name so that SSL negotiation serves the correct certificate for the domain. This is a limitation of the protocol that establishes SSL connections and there is really no legitimate way around how it works. (There is a way to "cheat" and use "wild card certificates" but that is considered bad practice and should not be done).

All of these IP addresses can and should run on port 443 for SSL unless you have another compelling reason to do something different. Each of these instances will be separate ports because each IP address has its own set of ports that are not shared. In other words, port 443 on IP 192.168.1.100 is not the same as port 443 on IP 10.3.67.24.

Perhaps the requirement for a unique IP address is the source of the confusion?

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
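
The layout described in the reply above, written out as an added example (not part of the original message and not the Apache project's own configuration): two IP-based SSL virtual hosts, each listening on port 443 of its own address. The two IP addresses are the ones quoted in the reply; the host names and certificate paths are placeholders assumed for illustration.

```apache
# Added example. Host names and file paths below are placeholders.

# Bind port 443 separately on each address. These are two distinct
# sockets: 192.168.1.100:443 and 10.3.67.24:443.
Listen 192.168.1.100:443
Listen 10.3.67.24:443

# First site: selected by the destination IP address of the connection,
# so the server knows which certificate to present during the handshake.
<VirtualHost 192.168.1.100:443>
    ServerName site-one.example
    DocumentRoot "/var/www/site-one"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/site-one.example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/site-one.example.key"
</VirtualHost>

# Second site: same port number, different address, different certificate.
<VirtualHost 10.3.67.24:443>
    ServerName site-two.example
    DocumentRoot "/var/www/site-two"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/site-two.example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/site-two.example.key"
</VirtualHost>
```

Running `apachectl -S` after loading a configuration like this lists which virtual host is bound to each address and port, which is a quick check that each certificate is attached to the intended address.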


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.