Hi,
I know SSL by itself won’t work with multiple vhosts on the same
ip/port, but is there anything i can do to circumvert this?
If not, and having to use multiple ssl ports, how can i make that as
transparent to the user as possible? I.e. avoiding the :port in the
URI?
TIA,
Nuno Magalhães
On Mon, Sep 28, 2009 at 11:13:35AM +0100, Nuno Magalh??es wrote:
Hi,
I know SSL by itself won’t work with multiple vhosts on the same
ip/port, but is there anything i can do to circumvert this?
http://wiki.cacert.org/VhostTaskForce
VhostTaskForce - CAcert Wiki
Server Name Indication - Wikipedia
Yeah i had read that before and a similar one here [1], but what bugs
me is the browser support for SSLv3/TLS SNI:
* Mozilla Firefox 2.0 or later
* Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
* Internet Explorer 7 (Vista, not XP) or later
* Google Chrome (Vista, not XP)
* Safari 3.2.1 Mac OS X 10.5.6
I doubt anyone still uses FF 2.0, but the others will cause problems.
I’d like to avoid relying on browser compatibility, hence my post. I
don’t want to use one general cert for multiple sites, i want one cert
per site; and no wildcard [2].
So, do i have to use mutiple ssl ports? And if yes, should/scould i
just rewrite them out or would the users running IE6 or 7 on XP have
to see https://www.mysite.com:998877 instead? Could i have nginx remap
:998877 to :433 (i.e. omitting it) once the session had been
established?
[1] Setup multiple SSL servers in one config - NGINX - Ruby-Forum
[2]
http://www.linuxquestions.org/questions/linux-server-73/juggling-http-and-https-content-for-multiple-virtual-hosts.-755949/
On Mon, Sep 28, 2009 at 11:56:25AM +0100, Nuno Magalh??es wrote:
I doubt anyone still uses FF 2.0, but the others will cause problems.
I’d like to avoid relying on browser compatibility, hence my post. I
don’t want to use one general cert for multiple sites, i want one cert
per site; and no wildcard [2].
So, do i have to use mutiple ssl ports?
Yes.
And if yes, should/scould i
just rewrite them out or would the users running IE6 or 7 on XP have
to see https://www.mysite.com:998877 instead? Could i have nginx remap
:998877 to :433 (i.e. omitting it) once the session had been
established?
No. Besides, some HTTP proxies may forbid any traffic expect 80 and 443
ports.