From owner-freebsd-questions  Sun Jun  4 12:45: 8 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from speedy.rtfm.com (speedy.rtfm.com [216.98.239.228])
	by hub.freebsd.org (Postfix) with ESMTP id 8DC4237B678
	for <questions@FreeBSD.ORG>; Sun,  4 Jun 2000 12:44:28 -0700 (PDT)
	(envelope-from ekr@rtfm.com)
Received: from romeo.rtfm.com (romeo.rtfm.com [216.98.239.227]) by speedy.rtfm.com (8.9.1/8.6.4) with ESMTP id MAA08109; Sun, 4 Jun 2000 12:44:40 -0700 (PDT)
Received: (ekr@localhost) by romeo.rtfm.com (8.9.3/8.6.4) id MAA55765; Sun, 4 Jun 2000 12:44:47 -0700 (PDT)
To: "Troy Settle" <troy@picus.com>
Cc: "Raymundo M. Vega" <RaymundoVega@home.com>,
	"Doug Barton" <Doug@gorean.org>, <questions@FreeBSD.ORG>
Subject: Re: IP vs CNAME
References: <FCEELIAEIIECDGKKJLMIAECJCAAA.troy@picus.com>
From: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
Date: 04 Jun 2000 12:44:46 -0700
In-Reply-To: "Troy Settle"'s message of "Sun, 4 Jun 2000 11:43:32 -0400"
Message-ID: <kju2f9dydt.fsf@romeo.rtfm.com>
Lines: 20
X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Troy Settle" <troy@picus.com> writes:
> With name-based virtual hosts, it's sometimes more difficult to track down
> problems, and you may be generating additional problems on secure sites
> (I'm told this, I don't know from personal experience).
Name based virtual hosts will not work with HTTPS.

The reason for this is that the SSL handshake must happen 
before the server sees the "Hosts" header. But the server
needs to decide which certificate to present during the
handshake. As a consequence, you must use IP-based
virtual hosts with HTTPS. 

The one exception is that you might have a wildcarded certificate
that could be used for more than one virtual host.

-Ekr






To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message