Frank Hecker wrote:
> Nelson B Bolyard wrote:
>> What does "https cannot be easily shared across one IP numbers" mean?
>
> I presume Ian is referring to the case of multiple virtual hosts sharing a single IP address (due to lack of SNI support in deployed versions of Apache).


Yes; one Apache httpd opens an SSL port, and this can (effectively) only be used for one certificate.

This is because the design assumed that the certificate choice was made outside the protocol, so there was no need to select. TLS/SNI solves this.

To be fair, there are a number of hacks: using other port numbers, using shared certs, etc. Left as an exercise to the reader...

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
