[jdev] virtual hosting and certificate checking
Jesus Cea
jcea at argo.es
Thu Mar 2 17:06:07 CST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Norman Rasmussen wrote:
> Don't forget option #3:
>
> Just like HTTPS, each hostname/certificate has to have it's own IP
> address - this is so that we can tell which certificate to present
> based on the IP the client has just connected to.
In current TLS, client gives the host it is trying to connect, BEFORE
negociating crypto. So if you are using a modern webserver and a modern
browser, you can share the IP.
I just don't remember if this feature is present in TLS 1.0 or in the
current draft for next revision.
- --
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea at argo.es http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/
_/_/ _/_/ _/_/_/_/_/
PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQCVAwUBRAd6X5lgi5GaxT1NAQJc2QQAlsXsEUB4jxqUW7/A1MCKUdeR/g+hkl7f
WKgxNyoZ1gmMuJHlUfbFX/J9LV7H9807KgewnkjQT30YLj1NIitsMI1hXw/+QsuN
hADOfPTd8Y1aRlSDNRglJ4QEgWAd9Mrcag1C/OACTxCpK1OL4pvQNM7zWfCRWxVM
45Mygv3h/ZA=
=kUYw
-----END PGP SIGNATURE-----
More information about the JDev
mailing list