[jdev] virtual hosting and certificate checking
Tony Finch
dot at dotat.at
Fri Mar 3 03:41:23 CST 2006
On Fri, 3 Mar 2006, Jesus Cea wrote:
>
> In current TLS, client gives the host it is trying to connect, BEFORE
> negociating crypto. So if you are using a modern webserver and a modern
> browser, you can share the IP.
>
> I just don't remember if this feature is present in TLS 1.0 or in the
> current draft for next revision.
This is an RFC 3546 extension to TLS 1.0 - the "server name indication".
It appears that this is not supported by OpenSSL but it is by GnuTLS.
"Modern browser" in this situation means released within the last few
months.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
RATTRAY HEAD TO BERWICK ON TWEED: CYCLONIC 3 OR 4, OCCASIONALLY 5, BECOMING
NORTH OR NORTHWEST 5 OR 6 DURING THIS EVENING AND OVERNIGHT. SCATTERED SNOW
SHOWERS. GOOD FALLING POOR IN SHOWERS. MODERATE OR ROUGH.
More information about the JDev
mailing list