>       From: owner-openssl-us...@openssl.org On Behalf Of Ger Hobbelt
>       Sent: Wednesday, 22 December, 2010 04:54

>       On Wed, Dec 22, 2010 at 7:53 AM, S Mathias <smathias1...@yahoo.com> wrote:

>               is it an inescapable requirement to have a dedicated [not fix]
>               ip address, when I want to use ssl on my domain?
                
>       Not exactly, but you must weigh the cost vs. merit here. When you
> are looking for ways to serve multiple HTTPS (SSL protected) websites
> from a single IP address, the magic term you're looking for is SNI
> (Server Name Indication). The second alternative (with restrictions)
> is using a wildcard certificate or certificate with multiple
> subjectAltName entries.

Or for completeness: if acceptable to your clients and supported, 
you can use an unauthenticated aka "anonymous" suite (ADH* or AECDH*), 
then there is no need for the server cert to match the (desired) 
server name (in fact no server cert is used at all).

The browsers I have to hand (IE7 and Firefox3.5) don't support anon 
as far as I can see, and I'd expect general-purpose browsers not to, 
since over the public Internet you almost always do want at least 
server auth. For custom(ized) clients this could be an option.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
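
An added example, not part of the original message or of OpenSSL: it illustrates the "with restrictions" caveat on the wildcard / multiple-subjectAltName alternative by checking which hostnames on one IP address a single certificate's dNSName entries would cover, and which would still need their own certificate selected via SNI. The function names, the sample hostnames and the conservative matching rules (wildcard only as the whole leftmost label, never directly under a top-level domain) are assumptions of this sketch.

```python
# Added example: sample hostnames and SAN entries are constructed.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one dNSName entry covers hostname.

    Conservative subset of RFC 6125 matching (an assumption of this example):
    '*' is honoured only as the entire leftmost label and stands for exactly
    one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # Reject '*.com'-style entries and any second wildcard.
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    if "*" in pattern:
        return False                      # partial wildcards (f*.example.com) refused
    return p == h

def plan_single_ip(hostnames, san_entries):
    """Split hostnames into (covered by the one certificate, needing SNI)."""
    covered, needs_sni = [], []
    for host in hostnames:
        if any(san_matches(entry, host) for entry in san_entries):
            covered.append(host)
        else:
            needs_sni.append(host)
    return covered, needs_sni

# Constructed sample data: five sites behind one IP, one certificate.
SITES = ["www.example.com", "shop.example.com", "example.com",
         "a.b.example.com", "www.example.org"]
SAN_ENTRIES = ["*.example.com", "example.com"]

if __name__ == "__main__":
    covered, needs_sni = plan_single_ip(SITES, SAN_ENTRIES)
    print("covered by the shared certificate:", covered)
    print("need their own certificate (SNI): ", needs_sni)
```
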
