You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2013/01/07 23:02:19 UTC

[Httpd Wiki] Update of "NameBasedSSLVHosts" by TimBannister

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "NameBasedSSLVHosts" page has been changed by TimBannister:
http://wiki.apache.org/httpd/NameBasedSSLVHosts?action=diff&rev1=14&rev2=15

Comment:
Added a link to NameBasedSSLVHostsWithSNI 

- (!) '''THIS IS A SCRATCHPAD DOCUMENT, PLEASE CONSIDER THIS WHEN READING ON''' (!) (See ScratchPad for a definition of this term.)
- 
  ## page was renamed from ScratchPad/NameBasedSSLVHosts
  == Name-Based VirtualHosts and SSL ==
+ 
+ Also see [[NameBasedSSLVHostsWithSNI|SSL with Virtual Hosts Using SNI]]
  
  As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port. This is because Apache needs to know the name of the host in order to choose the correct certificate to setup the encryption layer. But the name of the host being requested is contained only in the HTTP request headers, which are part of the encrypted content. It is therefore not available until after the encryption is already negotiated. This means that the correct certificate cannot be selected, and clients will receive certificate mismatch warnings and be vulnerable to man-in-the-middle attacks.
  

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org