On 2015-05-01 20:02, Samuel Penn wrote:
> On Friday 01 May 2015 19:56:29 Neil Stone wrote:
>> Https and name based vhosts don't mix well... that's the first thing I
>> found that was causing me issues.
>>
>> I will dig out my notes from last time I did this....
>
> Yep. The URL used to access the web server is encrypted by the https,
> so until Apache decrypts it, it doesn't know which virtual host to
> forward the request to.
>
> The SSL configuration is on a per virtual host basis, so until it
> knows the virtual host, it can't decrypt it.

Don't forget the TLS SNI (Server Name Indication) handshake extension -
it's been in OpenSSL and others for around 10 years now and is supported
by all major browsers. Simply put, it allows the client to send the
host/servername along with the initial handshake such that multiple https
(or any other TLS-encapsulated protocol) vhosts can be served from the
same port & IP address. It is also supported by most servers, which in
turn use OpenSSL, so Apache, Cherokee, Nginx etc. etc. :)

Paul
--
Core Internet Limited T +44(0)1329 800 300
https://www.coreinternet.net/ F +44(0)1329 800 301
#-------------( AS44345 / AS39126 )---------------#
--
Please post to: Hampshire@???
Web Interface:
https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL:
http://www.hantslug.org.uk
--------------------------------------------------------------