[CLUE-Tech] apache ssl only on non-well-known port?

Jim Ockers ockers at ockers.net
Fri Apr 2 11:03:03 MST 2004


Angelo,

Angelo Bertolli wrote:
> 
> I just went through setting up my first SSL connection for a domain 
> using mod_ssl... and one of the things I found out to my dismay is that 
> you can only have one SSL connection per IP when you are doing virtual 
> hosting.  I don't know why there is this limitation.  I'll be happy to 
> share my configuration in httpd.conf if it makes things easier.

The SSL key exchange happens before any HTTP data is exchanged.

The SSL keys are issued to specific hosts (unless you issue your own).
Therefore the SSL key has to match the hostname that is using that key.
The browser uses information in the key (common name) to compare with 
the servername that was in the URL; if they don't match it throws an
error dialog box up.

The normal HTTP/1.1 virtual server setup has a bunch of information 
sent to the server by the browser before the server starts returning
information.

With SSL the server returns information (the key) as part of the key
exchange before the browser can tell it what site it wanted to connect.

Hope this helps,
Jim

-- 
Jim Ockers, P.Eng. (ockers at ockers.net)
Contact info: please see http://www.ockers.net/
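
The following configuration sketch illustrates the ordering problem described in the reply above. It is an added example, not part of the original thread or anyone's actual httpd.conf. The hostnames, the 192.0.2.x addresses, port 8443 and the certificate paths are all assumed placeholders.

```apache
# Constructed example: every hostname, address, port and path below is a
# placeholder chosen for illustration.

# --- Broken: two name-based SSL hosts sharing one IP:port -------------------
# The certificate is sent during the SSL handshake, before the Host: header
# arrives, so every connection to 192.0.2.10:443 gets the certificate of the
# first matching host and browsers show a name-mismatch warning for the second.
#
# <VirtualHost 192.0.2.10:443>
#     ServerName www.example.com
#     SSLEngine on
#     SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.com.crt
#     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key
# </VirtualHost>
# <VirtualHost 192.0.2.10:443>
#     ServerName www.example.org      # never selected for the handshake
#     SSLEngine on
#     SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.org.crt
#     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.org.key
# </VirtualHost>

# --- Working: exactly one certificate per IP:port pair ----------------------
Listen 192.0.2.10:443
Listen 192.0.2.11:443
Listen 192.0.2.10:8443

<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key
</VirtualHost>

# Second site on its own IP address, still on the well-known port.
<VirtualHost 192.0.2.11:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.org.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.org.key
</VirtualHost>

# Third site reusing the first IP on a non-well-known port; its URLs must
# carry the port explicitly (https://www.example.net:8443/).
<VirtualHost 192.0.2.10:8443>
    ServerName www.example.net
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.net.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.net.key
</VirtualHost>
```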


