Re: HTTPS and Virtual Hosts

Mon, 22 Sep 2008 05:19:17 -0700
----- Original Message ----- From: "André Warnier" <[EMAIL PROTECTED]> 
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Monday, September 22, 2008 12:21 PM
Subject: Re: HTTPS and Virtual Hosts



Mark Thomas wrote:

Ognjen Blagojevic wrote:

André Warnier wrote:

Is the above, very roughly and approximatively still a valid
explanation of what happens, or is it totally wrong, or has something
changed in-between that I am unaware of ?

Yes, that's about it. Here is the official explanation:

  http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

The workaround is also proposed. You can use different ports or IP
adresses for different SSL enabled virtual hosts. For instance, you
could put 2 or more network cards in the server, and than configure one
virtual host for each of these cards.


You do not need multiple NICs to support multiple IP addresses. You can
quite happily configure a NIC with multiple IP addresses.


Allright.
Thanks to everyone for the answers and references.
This was also linked to another thread "Re. Connector problem", for which I am also interested in the practical solution. 

Now, a follow-up question :
I seem to remember that there was talk about a scheme or a protocol that would allow (very roughly) a client/server pair to start a session using HTTP (not SSL), negociate, then in the course of the session "upgrade" this link to HTTPS. And that this somehow could be a solution to the Virtual Host issue under HTTPS. Am I dreaming this up, or does there exist something in that general area ?
Andre, I'm not aware of anything like it... one can actually do anything with crypto stuff, but the problem is that half the engine is built into the browser, if it doesnt want to play, it doesnt happen... there are do it yourself secure layers out there at javascript level, but they have issues... dont secure whole page etc. 

... dont think so...
However as soon as you leave the browser environment... anything is possible. 

---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to