On 10/04/07, Colm MacCarthaigh <colm at stdlib.net> wrote:
> You're each wrong. There are now 3 mechanisms by which you can do
> virtual-host https;
>
> 1. Use a wildcard host record in the signed cert, and you
> can virtual-host out say www.linux.ie and webmail.linux.ie
> to different locations. Works just fine.
Well, I just thought it would muddy the waters to talk about wildcard certs,
as it doesn't solve the general case.
> 2. Use TLS server name indication (SNI), this is actually
> supported in modern browsers and puts the hostname
> negotiation in the SSL layer itself.
I didn't know about this one; thanks for the pointer.
> 3. Use the HTTP UPGRADE directive to initiate a TLS connection
> after supplying the Host header. This does not enjoy wide
> support in browsers, but it is supported in a variety of
> other HTTP clients and is useful when building APIs and
> services that use HTTP as a transport layer.
Better and better. This is what happens when one moves into manager-land;
one loses touch with the coalface. My earlier comments about STARTTLS not
being available in HTTP are hereby retracted...
As a matter of interest, are there any standardised URI formats proposed to
use this?
Colm
--
Colm Buckley / colm at tuatha.org / +353 87 2469146