Multiple ssl vhosts

Hi,

I know SSL by itself won’t work with multiple vhosts on the same
ip/port, but is there anything I can do to circumvent this?

If not, and having to use multiple ssl ports, how can I make that as
transparent to the user as possible? I.e. avoiding the :port in the
URI?

TIA,
Nuno Magalhães

On Mon, Sep 28, 2009 at 11:13:35AM +0100, Nuno Magalhães wrote:

> Hi,
>
> I know SSL by itself won’t work with multiple vhosts on the same
> ip/port, but is there anything I can do to circumvent this?

http://wiki.cacert.org/VhostTaskForce
http://en.wikipedia.org/wiki/Server_Name_Indication

> http://wiki.cacert.org/VhostTaskForce
> http://en.wikipedia.org/wiki/Server_Name_Indication

Yeah, I had read that before and a similar one here [1], but what bugs
me is the browser support for SSLv3/TLS SNI:
* Mozilla Firefox 2.0 or later
* Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
* Internet Explorer 7 (Vista, not XP) or later
* Google Chrome (Vista, not XP)
* Safari 3.2.1 Mac OS X 10.5.6

I doubt anyone still uses FF 2.0, but the others will cause problems.
I’d like to avoid relying on browser compatibility, hence my post. I
don’t want to use one general cert for multiple sites, I want one cert
per site; and no wildcard [2].

So, do I have to use multiple ssl ports? And if yes, should/could I
just rewrite them out or would the users running IE6 or 7 on XP have
to see https://www.mysite.com:998877 instead? Could I have nginx remap
:998877 to :433 (i.e. omitting it) once the session had been
established?

[1] http://www.ruby-forum.com/topic/186664#815197
[2]
http://www.linuxquestions.org/questions/linux-server-73/juggling-http-and-https-content-for-multiple-virtual-hosts.-755949/

On Mon, Sep 28, 2009 at 11:56:25AM +0100, Nuno Magalhães wrote:

> I doubt anyone still uses FF 2.0, but the others will cause problems.
> I’d like to avoid relying on browser compatibility, hence my post. I
> don’t want to use one general cert for multiple sites, I want one cert
> per site; and no wildcard [2].
>
> So, do I have to use multiple ssl ports?

Yes.

> And if yes, should/could I
> just rewrite them out or would the users running IE6 or 7 on XP have
> to see https://www.mysite.com:998877 instead? Could I have nginx remap
> :998877 to :433 (i.e. omitting it) once the session had been
> established?

No. Besides, some HTTP proxies may forbid any traffic except 80 and 443
ports.
