On 11/16/2009 03:46 AM, Hécber Córdova wrote:
Since 0.9.8f OpenSSL supports the SNI (server name indication) TLS
extension. Support of this extension in mod_ssl has been discussed on
httpd-...@apache.org for years, and even if it hasn't yet got into a
release, you definitely can find patches in the Apache bugzilla.
So, it is theoretically possible for Apache to know the name of the virtual host
at the stage of the TLS handshake. But only if the browser supports this
extension (it seems that all modern browsers do).
Hello,
I'll disagree with you on the "all the modern browsers do" part. SNI is not
supported on Windows XP (only Vista on up). This affects IE 6 through IE
8, Safari and Google Chrome [or any client that relies on Windows
Crypto] (which by all definitions IE8, Safari 3+ and Google Chrome ARE
modern browsers). Firefox 2x+ and Opera 8+ are unaffected because they
are "on their own".
Also, in 0.9.8f, SNI is not enabled by default. I do believe that it is
as of 0.9.8j that this is the case.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
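As an added illustration that is not part of the original thread: the sketch below shows what a server can read from the ClientHello before it has to choose a certificate, and what happens for a client that sends no SNI. The function names, the vhost table and the sample ClientHello bytes are constructed for this example; this is not mod_ssl or OpenSSL code.

```python
def _u(data, pos, width):
    """Read a big-endian unsigned int, bounds-checked; return (value, new_pos)."""
    if pos + width > len(data):
        raise ValueError("truncated ClientHello")
    return int.from_bytes(data[pos:pos + width], "big"), pos + width

def extract_sni(record):
    """Return the host_name in a ClientHello record, or None if it has no SNI."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record starting with a ClientHello")
    data = record[5:5 + int.from_bytes(record[3:5], "big")]
    pos = 4 + 2 + 32                        # handshake header, version, random
    for width in (1, 2, 1):                 # session_id, cipher_suites, compression
        n, pos = _u(data, pos, width)
        pos += n
    if pos == len(data):
        return None                         # no extensions block at all
    ext_len, pos = _u(data, pos, 2)
    end = min(pos + ext_len, len(data))
    while pos + 4 <= end:
        etype, pos = _u(data, pos, 2)
        elen, pos = _u(data, pos, 2)
        if etype == 0:                      # server_name extension
            _, p = _u(data, pos, 2)         # server_name_list length
            ntype, p = _u(data, p, 1)
            nlen, p = _u(data, p, 2)
            if ntype != 0 or p + nlen > end:
                raise ValueError("malformed server_name extension")
            return data[p:p + nlen].decode("ascii")
        pos += elen
    return None

def pick_vhost(record, vhosts, default):
    """Select a vhost by SNI name; clients that send no SNI get the default."""
    name = extract_sni(record)
    return vhosts.get(name.lower(), default) if name else default

def build_client_hello(server_name=None):
    """Constructed sample input: a minimal TLS 1.0 ClientHello record."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name   # host_name entry
        sni = len(entry).to_bytes(2, "big") + entry             # server_name_list
        ext = (0).to_bytes(2, "big") + len(sni).to_bytes(2, "big") + sni
        body += len(ext).to_bytes(2, "big") + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

A client without SNI support lands on the default vhost, so its certificate is the one such clients will see regardless of the hostname they asked for.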