From owner-freebsd-questions@FreeBSD.ORG Tue Oct 5 15:17:10 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D2A3106566C for ; Tue, 5 Oct 2010 15:17:10 +0000 (UTC) (envelope-from djp@polands.org) Received: from hrndva-omtalb.mail.rr.com (hrndva-omtalb.mail.rr.com [71.74.56.124]) by mx1.freebsd.org (Postfix) with ESMTP id 3BA968FC1C for ; Tue, 5 Oct 2010 15:17:09 +0000 (UTC) Received: from hrndva-omtalb.mail.rr.com ([10.128.143.53]) by hrndva-qmta01.mail.rr.com with ESMTP id <20101005150358992.EZMX7732@hrndva-qmta01.mail.rr.com> for ; Tue, 5 Oct 2010 15:03:58 +0000 X-Authority-Analysis: v=1.1 cv=iGF3DqghDyT/uy4mV2LvOKNXCATMSjL+tOl9cucoGVk= c=1 sm=0 a=iv_FGcSvvugA:10 a=kj9zAlcOel0A:10 a=02fl1sNAWVw4WL3Wmu4WJA==:17 a=8pif782wAAAA:8 a=H-_ZQhxsR5OA6ILr6QEA:9 a=oxDnA0tiEO5JxudtwQutHu0olUQA:4 a=CjuIK1q_8ugA:10 a=02fl1sNAWVw4WL3Wmu4WJA==:117 X-Cloudmark-Score: 0 X-Originating-IP: 75.87.219.217 Received: from [75.87.219.217] ([75.87.219.217:53948] helo=haran.polands.org) by hrndva-oedge03.mail.rr.com (envelope-from ) (ecelerity 2.2.3.46 r()) with ESMTP id 86/51-27923-02E3BAC4; Tue, 05 Oct 2010 15:02:57 +0000 Received: from ararat.polands.org (ararat.polands.org [172.16.1.20]) by haran.polands.org (8.14.4/8.14.4) with ESMTP id o95F2tfJ072594; Tue, 5 Oct 2010 10:02:55 -0500 (CDT) (envelope-from djp@polands.org) Received: from ararat.polands.org (localhost [127.0.0.1]) by ararat.polands.org (8.14.4/8.14.4) with ESMTP id o95F2tvJ036834; Tue, 5 Oct 2010 10:02:55 -0500 (CDT) (envelope-from djp@ararat.polands.org) Received: (from djp@localhost) by ararat.polands.org (8.14.4/8.14.4/Submit) id o95F2smh036833; Tue, 5 Oct 2010 10:02:54 -0500 (CDT) (envelope-from djp) Date: Tue, 5 Oct 2010 10:02:54 -0500 From: Doug Poland To: Ryan Coleman Message-ID: <20101005150254.GA61709@polands.org> References: <20101004221506.GA8662@polands.org> <20101005035354.GB8662@polands.org> <4CAAAC4A.5060106@boosten.org> <4CAAB89F.70907@infracaninophile.co.uk> <2C683AF7-AFA5-4D5E-8575-19455EBB142B@cwis.biz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Adam Vande More , FreeBSD Mailing List , Peter Boosten Subject: Re: OT: Apache as reverse SSL proxy X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Oct 2010 15:17:10 -0000 On Tue, Oct 05, 2010 at 02:32:11AM -0500, Ryan Coleman wrote: > > On Oct 5, 2010, at 2:05 AM, Adam Vande More wrote: > > > On Tue, Oct 5, 2010 at 1:36 AM, Ryan Coleman wrote: > >> > >> On Oct 5, 2010, at 12:33 AM, Matthew Seaman wrote: > >> > >>> Nowadays there is also the possibility of RFC2817 -- in essence > >>> you start an ordinary HTTP session, then issue a STARTTLS command > >>> and upgrade the connection to encrypted. This will allow > >>> name-based virtual hosting with TLS to work as intended. > >>> Unfortunately, last I checked, while apache supports this, most > >>> web browsers do not. > >> > >> Throwing just my two bits in: Apache supports it, as does Firefox, > >> and nothing else (maybe Safari does...). > >> > >> IE definitely does not. I looked into this before opting to go > >> multiple static IPs at home for my webservers. > >> > > > > IE 7+ does however support RFC 3546(SNI), which is the defacto > > standard for accomplishing SSL name based vhosts. > > http://en.wikipedia.org/wiki/Server_Name_Indication > > Thanks all for the confirmation and information on apache, vhosts, HTTPS, and reverse proxying. In my situation, the clients are custom written applications on embedded systems. I don't know much about their ability to conform with the latest RFC's but my guess is they will not.