On Tue, Aug 29, 2000 at 06:43:30PM -0400, jlewis@lewis.org wrote:
Unless something's changed recently, SSL still requires IP based virtual hosting. Here's a clipping from the c2.net Stronghold FAQ:
Should I use name-based or IP-based virtual hosts?
Name-based virtual hosts do not work with SSL because certificates are sent before server names are established. Secure virtual hosts must be either IP-based or port-based. IP-based virtual hosts are more convenient, as users would have to remember the port numbers for port-based virtual hosts.
Nothing has changed. There still is a chicken/egg relationship with trying to do namebased virtual hosts with SSL. You have to know which certificate to present based on the name... and ... you don't know the name until the certificate exchange is complete. Speaking as a application provider who _has_ to have independent sites running SSL per customer, I still need a 1:1 relationship with IP and hosts. ARIN need to take a hit off the clue-pipe before coming down with such a far-right policy. -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org