httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "NameBasedSSLVHostsWithSNI" by EricCovener
Date Fri, 14 May 2010 21:30:43 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "NameBasedSSLVHostsWithSNI" page has been changed by EricCovener.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI?action=diff&rev1=7&rev2=8

--------------------------------------------------

    # Other directives here
  
  </VirtualHost>
+ 
+ 
+ 
  }}}
  
+ == Detailed Processing ==
+ Before there is even an SSL handshake, Apache finds the best match for the IP address and
TCP port the connection is established on (IP-based virtual hosting)
+ 
+ If there is a NameVirtualHost directive that has the same literal arguments as this best-matching
VirtualHost, Apache will instead
+ consider ALL VirtualHost entires with identical arguments to the matched VirtualHost.  Otherwise,
SNI processing has no selection to perform.
+ 
+ If the client sends a hostname along with it's TLS handshake request, Apache will compare
this TLS hostname to the ServerName/ServerAlias of the candidate VirtualHost set determined
in the preceding steps.
+ 
+ Whichever VirtualHost is selected on the preceding basis will have it's SSL configuration
used to continue the handshake.  Notably, the contents of the certificates are not used in
any comparison.
+ 
+ This process mimics the normal (albet misundersood) consecutive application of IP-based,
then name-based, vhost matching algorithm used with HTTP, except that the input is the TLS
data and not a HTTP header.
+ 

Mime
View raw message