[olug] Help w/ my server

Christopher Cashell topher-olug at zyp.org
Mon Jul 23 22:47:43 UTC 2012


On Mon, Jul 23, 2012 at 5:17 PM, Kevin <sharpestmarble at gmail.com> wrote:
>
> This is true. And one thing that is very highly regarded (and rightly
> so) is KISS. But I do remember that some recent version of TLS
> specifically permitted VirtualHosts using encryption. Because the
> public certificate is sent before the connection is handed off to
> HTTP, there had to be a way for the host to specify what host it was
> connecting to, so the server would know what certificate to send.
> IIRC, this was enabled by TLS sending the server a hostname.

Yeah, it's called Server Name Indication (SNI).  It's an extension to
SSL/TLS that includes the hostname being requested as part of the
connection establishment.  However, it's not very widely deployed
(from my experience, and what I've heard), because there's still a
significant minority of Internet users that run browsers which don't
support it (such as IE on Windows XP).

--
Christopher


