Multiple ssl vhosts

Hi,

I know SSL by itself won’t work with multiple vhosts on the same
IP/port, but is there anything I can do to circumvent this?

If not, and I have to use multiple SSL ports, how can I make that as
transparent to the user as possible, i.e. avoiding the :port in the
URI?

TIA,
Nuno Magalhães

On Mon, Sep 28, 2009 at 11:13:35AM +0100, Nuno Magalhães wrote:

Hi,

I know SSL by itself won’t work with multiple vhosts on the same
IP/port, but is there anything I can do to circumvent this?

http://wiki.cacert.org/VhostTaskForce

Server Name Indication - Wikipedia

Yeah, I had read that before and a similar one here [1], but what bugs
me is the browser support for SSLv3/TLS SNI:
* Mozilla Firefox 2.0 or later
* Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
* Internet Explorer 7 (Vista, not XP) or later
* Google Chrome (Vista, not XP)
* Safari 3.2.1 Mac OS X 10.5.6

I doubt anyone still uses FF 2.0, but the others will cause problems.
I’d like to avoid relying on browser compatibility, hence my post. I
don’t want to use one general cert for multiple sites, I want one cert
per site; and no wildcard [2].

So, do I have to use multiple SSL ports? And if yes, should/could I
just rewrite them out, or would the users running IE6 or 7 on XP have
to see https://www.mysite.com:998877 instead? Could I have nginx remap
:998877 to :443 (i.e. omitting it) once the session had been
established?

[1] Setup multiple SSL servers in one config - NGINX - Ruby-Forum
[2]
http://www.linuxquestions.org/questions/linux-server-73/juggling-http-and-https-content-for-multiple-virtual-hosts.-755949/

On Mon, Sep 28, 2009 at 11:56:25AM +0100, Nuno Magalhães wrote:

I doubt anyone still uses FF 2.0, but the others will cause problems.
I’d like to avoid relying on browser compatibility, hence my post. I
don’t want to use one general cert for multiple sites, I want one cert
per site; and no wildcard [2].

So, do I have to use multiple SSL ports?

Yes.

And if yes, should/could I
just rewrite them out, or would the users running IE6 or 7 on XP have
to see https://www.mysite.com:998877 instead? Could I have nginx remap
:998877 to :443 (i.e. omitting it) once the session had been
established?

No. Besides, some HTTP proxies may forbid any traffic except to ports 80
and 443.
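For reference, here is what the SNI approach from the CAcert/Wikipedia links looks like in nginx, together with the non-SNI alternative that still avoids a port in the URL. This is an added example, not configuration posted by anyone in this thread: two name-based HTTPS vhosts share one IP:443, each with its own certificate (no shared or wildcard cert), and a third site sits on a second IP address so that clients without SNI (IE on XP, older Safari/Chrome) still get the right certificate on :443. Hostnames, addresses, certificate paths and the `listen ... ssl` / `default_server` syntax of a current nginx are assumptions; nginx must be built against an OpenSSL with SNI support for the first two blocks to be selected by name.

```nginx
# Added example (not from the thread): one cert per site on a single IP:443
# using TLS SNI, plus a per-IP fallback for clients that do not send SNI.
# Assumptions: nginx built with SNI ("nginx -V" prints "TLS SNI support
# enabled"); hostnames, IPs (192.0.2.0/24 documentation range) and
# certificate paths are placeholders.
http {
    # Site A: default_server on 192.0.2.10:443. A client that sends no SNI
    # (e.g. IE6/7 on Windows XP) is handed this certificate whatever host it
    # asked for, so it gets a name-mismatch warning when it wanted site B.
    server {
        listen 192.0.2.10:443 ssl default_server;
        server_name www.site-a.example;
        ssl_certificate     /etc/nginx/ssl/site-a.crt;
        ssl_certificate_key /etc/nginx/ssl/site-a.key;
        root /var/www/site-a;
    }

    # Site B: same IP and port, chosen only when the client's SNI extension
    # carries a name matching server_name.
    server {
        listen 192.0.2.10:443 ssl;
        server_name www.site-b.example;
        ssl_certificate     /etc/nginx/ssl/site-b.crt;
        ssl_certificate_key /etc/nginx/ssl/site-b.key;
        root /var/www/site-b;
    }

    # Site C: no SNI needed. A second address on the host gives this site its
    # own certificate while staying on :443, so the URL has no port and
    # proxies that only pass 80/443 are not a problem.
    server {
        listen 192.0.2.11:443 ssl;
        server_name www.site-c.example;
        ssl_certificate     /etc/nginx/ssl/site-c.crt;
        ssl_certificate_key /etc/nginx/ssl/site-c.key;
        root /var/www/site-c;
    }
}
```

To check which certificate a client actually receives, compare `openssl s_client -connect 192.0.2.10:443 -servername www.site-b.example` with the same command without `-servername`: the first should present site B's certificate, the second (no SNI, like the XP browsers listed above) falls back to the default_server's site A certificate. If `nginx -V` does not report "TLS SNI support enabled", only the per-IP layout of site C will select certificates by name.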