Comments: SSL v2 Must Die - Notice of Extinction to be issued

Are there any webservers that support name-based https virtual hosting? How it possible at all?

Several services (e.g. SMPT) can run concurrently on the same port as their TLS-protected counterparts. Is that true for http?

And the most important question: where is good documentation?

Posted by Daniel A. Nagy at September 6, 2005 09:04 PM

It's totally true that services can run on the same port as their TLS-protected counterparts. Actually, SSL/TLS is woking on TCP/IP layer so as soon as you use SSL/TLS you can use whatever port you want, so it's true for http - the usual port for HTTPS is 443.
For starting documentation I think you can try this : http://httpd.apache.org/docs/2.0/ssl/ssl_intro.html

Posted by Silver_h at September 7, 2005 03:41 AM

This is almost OT, but there is a misconfiguration on this website that keeps biting me.

The RSS feeds link to https://www.financialcryptography.com/mt/archives/..., however the SSL cert is only valid for financialcryptography.com (i.e. not www.financialcryptography.com or *.financialcryptography.com) and so my browser throws up a warning every time I follow a link from RSS.

Posted by Robin at September 7, 2005 05:26 AM

The best source of info on how to create certs for sharing vhosts over TLS at the moment is the VHost Task Force page over at CACert. Click on the link below.

Sadly, the page concludes that this is not really totally possible as yet ... Servers such as Apache have just started to roll out some of the facilities needed, but browsers are not capable of probing these facilities until SSL v2 is no longer an issue.

Posted by VhostTaskForce at September 7, 2005 11:02 AM

@Silver_h
You missed my question completely. I know very well how to configure https servers as I have been doing that for a living at an earlier time in my career.
What I was asking is running http and https on the same port at the same time, much as SMPT and SMTP/TLS can be run simultaneously. Also, I was asking about running name-based virtual hosting via https, which the link that you provide explicitly claims to be impossible.
The previous comment answers my question so thanks to VHostTaskForce.

Posted by Daniel A. Nagy at September 7, 2005 04:45 PM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x5603454b1f88) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.