Yes, you're right. Apache included server name indication support in release 2.2.12.
Hecber

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor B. Wagner
Sent: Monday, November 16, 2009 3:50 PM
To: openssl-users@openssl.org
Subject: Re: RE: how to merge multiple public domain certs into one file?

On 2009.11.15 at 21:01:13 -0500, Hécber Córdova wrote:
> Hi *,
>
> Certainly you can configure Apache to use virtualHosts based on domain names,
> and this works perfectly with HTTP (1.1). However, this cannot be achieved using
> SSL, and the answer is simple, the SSL is established using the server IP, and
> during the SSL negotiation (handshake), there is no mention of
> servername/domain, the server certificate/private keys are used during the
> negotiation, and Apache needs to know what certificate is going to use (and

Since 0.9.8f OpenSSL supports the SNI (server name indication) TLS extension. Support of this extension in mod_ssl has been discussed on httpd-...@apache.org for years, and even if it hasn't yet got into a release, you definitely can find patches in the Apache bugzilla.

So, it is theoretically possible for Apache to know the name of the virtual host at the stage of the TLS handshake. But only if the browser supports this extension (it seems that all modern browsers do).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org