On 3/16/06, Ilya Konstantinov <[EMAIL PROTECTED]> wrote:
> Amos Shapira wrote:
>
> > As far as I remember this is a known problem with SSL (not just Apache) -
> > the protocol allows exactly one secure site per TCP PORT.
> >
>
> That is, until Server Name Indication (read
> http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx ) will be fully
> deployed across all browsers.

Indeed, this page and others about SNI explain that it is designed to address
exactly the kind of problem that Gil was asking about.

But I wouldn't count on this being available on the client side for at
least a year or even three:

1. It will be available only in IE 7 (i.e. only on Windows Vista)
2. Maybe on Firefox 2 (track bugs 116168/116169). So far it doesn't sound
like it will make it. Someone tentatively assigned the bug's target to
version 3.12.

So back to solving the problem without support for SNI:

>
> > How about allocating a separate TCP port for each site and maybe redirect from
> > a plain HTTP concentrator:
> >
>
> This will work, but it has the disadvantage of not being able to pass
> strict firewalls (which only pass port 80 and 443) and most HTTP proxies
> (which are configured to allow SSL proxying[1] for only a handful of ports).

You mean client-side "personal" firewalls? Corporate LAN firewalls? or what?

So how about Gil's original question - redirecting to multiple paths under
the same SSL host:
https:master.site.com/site1/...
https:master.site.com/site2/...

?

--Amos
--
"I was being prosecuted for my beliefs.... I believed people wouldn't
notice I'd sold them camels with plaster teeth until I was well out of
town."  - Terry Pratchett, "Pyramids"
