[nycbug-talk] Apache ssl virtual domains on single IP
Jeronimo Romero
jromero
Sun May 9 00:19:12 EDT 2004
OK... This is what the mod_ssl FAQ says:
Why can't I use SSL with name-based/non-IP-based virtual hosts??? [L]
The reason is very technical. Actually it's some sort of a chicken and
egg problem: The SSL protocol layer stays below the HTTP protocol layer
and encapsulates HTTP. When an SSL connection (HTTPS) is established
Apache/mod_ssl has to negotiate the SSL protocol parameters with the
client. For this mod_ssl has to consult the configuration of the virtual
server (for instance it has to look for the cipher suite, the server
certificate, etc.). But in order to dispatch to the correct virtual
server Apache has to know the Host HTTP header field. For this the HTTP
request header has to be read. This cannot be done before the SSL
handshake is finished. But the information is already needed at the SSL
handshake phase. Bingo!
More information about the talk
mailing list