On Tue, Apr 10, 2007 at 09:20:47AM +0100, Colm Buckley wrote:
> >There is one important difference when hosting. https can not be used to
> >serve multiple domains from the same IP address (ie. you need one IP
> >address per domain) contrary to this when using http you can have many
> >domains served from the same IP address.
>>> This is not strictly true; you need one unique *port* per HTTPS service
You're each wrong. There are now 3 mechanisms by which you can do
1. Use a widlcard host record in the signed cert, and you
can virtual-host out say www.linux.ie and webmail.linux.ie
to different locations. Works just fine.
2. Use TLS server name indication (SNI), this is actually
supported in modern browsers and puts the hostname
negotiation in the SSL layer itself.
3. Use the HTTP UPGRADE directive to initiate a TLS connection
after supplying the Host header. This does not enjoy wide
support in browsers, but it is support in a variety of
other HTTP clients and is useful when building APIs and
services that use HTTP as a transport layer.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!