Eddy Nigg wrote:
Trying the different sub domain trick doesn't work on the same server
but different host and IP.

Let me phrase this explicitly:
- You use only one Apache instance
- You configured two virtual hosts inside that instance
- Then:
   - either each virtual host listens on a different IP
   - or they listen on two different ports, and you use a firewall to redirect the two separate external IPs to those two ports on the same internal IP

I assume that's because the server reuses the
cached SSL session and initiates a renegotiation upon certificate
authentication. Does that make sense so far?

Well, it may be so, but it'd be a little surprising.
It requires two "bugs/features", I think:
- a server that allows reusing the same SSL ID on a different virtual host. I can see how it could happen that the SSL ID pool is actually shared between all virtual servers, but it's still not very clean.
- a client that tries to reuse the SSL ID if the request goes to a different host inside the same subdomain. Now that's harder to think of as anything else than a quite ugly bug, but we'd have to live with it if it's the case.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
