Re: HTTPS and Virtual Hosts

2008-09-25 Thread Mark Thomas
Steffen Heil wrote: > Hi > > Actually, most answers in this thread are more or less outdated. > It IS possible to use one IP with multiple certificates, just not with > tomcat to far. > > There IS (since June 2003, that is more than 5 years!) a TLS extension SNI > (server name indication) that do

Re: HTTPS and Virtual Hosts

2008-09-24 Thread Steffen Heil
hope this will find it's way into java/tomat soon. Regards, Steffen -Ursprüngliche Nachricht- Von: Johnny Kewl [mailto:[EMAIL PROTECTED] Gesendet: Montag, 22. September 2008 15:02 An: Tomcat Users List Betreff: Re: [OT] RE: HTTPS and Virtual Hosts - Original Message -

Re: [OT] RE: HTTPS and Virtual Hosts

2008-09-22 Thread Johnny Kewl
- Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Sent: Monday, September 22, 2008 2:30 PM Subject: [OT] RE: HTTPS and Virtual Hosts [Marked OT as this is not even remotely about Tomcat] From: Johnny

[OT] RE: HTTPS and Virtual Hosts

2008-09-22 Thread Peter Crowther
[Marked OT as this is not even remotely about Tomcat] > From: Johnny Kewl [mailto:[EMAIL PROTECTED] > http://support.microsoft.com/kb/257591 ... OK... > If it send the HOST info in step one ... which it doesn't as far as I can see... > and the server chose the correct > cert I see no p

Re: HTTPS and Virtual Hosts

2008-09-22 Thread Johnny Kewl
- Original Message - From: "André Warnier" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, September 22, 2008 12:21 PM Subject: Re: HTTPS and Virtual Hosts Mark Thomas wrote: Ognjen Blagojevic wrote: André Warnier wrote: Is the above, very r

Re: HTTPS and Virtual Hosts

2008-09-22 Thread Johnny Kewl
- Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Sent: Monday, September 22, 2008 12:19 PM Subject: RE: HTTPS and Virtual Hosts From: Johnny Kewl [mailto:[EMAIL PROTECTED] I actually cant see any reason wh

RE: HTTPS and Virtual Hosts

2008-09-22 Thread Peter Crowther
> From: André Warnier [mailto:[EMAIL PROTECTED] > I seem to remember that there was talk about a scheme or a > protocol that > would allow (very roughly) a client/server pair to start a > session using > HTTP (not SSL), negociate, then in the course of the session "upgrade" > this link to HTTPS. A

Re: HTTPS and Virtual Hosts

2008-09-22 Thread André Warnier
Mark Thomas wrote: Ognjen Blagojevic wrote: André Warnier wrote: Is the above, very roughly and approximatively still a valid explanation of what happens, or is it totally wrong, or has something changed in-between that I am unaware of ? Yes, that's about it. Here is the official explanation:

RE: HTTPS and Virtual Hosts

2008-09-22 Thread Peter Crowther
> From: Johnny Kewl [mailto:[EMAIL PROTECTED] > I actually cant see any > reason why the hand shake couldnt be extended to look at the > incoming URL... Because the URL (or at least the host header) would have to be sent over the wire in cleartext, as it's before the encrypted connection is negot

Re: HTTPS and Virtual Hosts

2008-09-22 Thread Johnny Kewl
- Original Message - From: "André Warnier" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, September 22, 2008 10:57 AM Subject: HTTPS and Virtual Hosts Hi. I'm not an expert at anything below, that's why I am asking. I am also not looking for a very precise answer, just a

Re: HTTPS and Virtual Hosts

2008-09-22 Thread Johnny Kewl
- Original Message - From: "André Warnier" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, September 22, 2008 10:57 AM Subject: HTTPS and Virtual Hosts Hi. I'm not an expert at anything below, that's why I am asking. I am also not looking for a very precise answer, just a

Re: [OT] RE: HTTPS and Virtual Hosts

2008-09-22 Thread Ognjen Blagojevic
Peter Crowther wrote: Or configure multiple IP addresses on one card - almost all operating systems these days allow multiple IP addresses on one adapter. Cheaper, and you don't run out of card slots so fast :-). Didn't know that. That's definitely better. -Ognjen -

Re: HTTPS and Virtual Hosts

2008-09-22 Thread Mark Thomas
Ognjen Blagojevic wrote: > André Warnier wrote: >> Is the above, very roughly and approximatively still a valid >> explanation of what happens, or is it totally wrong, or has something >> changed in-between that I am unaware of ? > > Yes, that's about it. Here is the official explanation: > > h

[OT] RE: HTTPS and Virtual Hosts

2008-09-22 Thread Peter Crowther
> From: Ognjen Blagojevic [mailto:[EMAIL PROTECTED] > For instance, you > could put 2 or more network cards in the server, and than > configure one virtual host for each of these cards. Or configure multiple IP addresses on one card - almost all operating systems these days allow multiple IP addr

Re: HTTPS and Virtual Hosts

2008-09-22 Thread Ognjen Blagojevic
André Warnier wrote: Is the above, very roughly and approximatively still a valid explanation of what happens, or is it totally wrong, or has something changed in-between that I am unaware of ? Yes, that's about it. Here is the official explanation: http://httpd.apache.org/docs/2.0/ssl/ssl_

RE: HTTPS and Virtual Hosts

2008-09-22 Thread Peter Crowther
> From: André Warnier [mailto:[EMAIL PROTECTED] > As I remember from reading about this a while ago, there is/was a > fundamental incompatibility between the HTTP Virtual Host > mechanism, and > HTTPS/SSL, in the sense that there is some egg-and-chicken problem > involved, which roughly goes like t