Changeset 1891
- Timestamp:
- 08/21/08 19:39:25 (3 months ago)
- Files:
-
- cherokee/trunk/doc/bundle_cget.txt (modified) (1 diff)
- cherokee/trunk/doc/config_virtual_servers.txt (modified) (1 diff)
- cherokee/trunk/doc/other_goodies.txt (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
cherokee/trunk/doc/bundle_cget.txt
r1816 r1891 9 9 tool. You might find it useful for your own scripts, especially for 10 10 its ability to read and write HTTP headers. 11 12 It can handle both HTTP and HTTPS requests. 11 13 12 14 This is the full information provided by the manpage: cherokee/trunk/doc/config_virtual_servers.txt
r1816 r1891 337 337 before using secure connections (https). There is a document which 338 338 might help to generate SSL link:cookbook_ssl.html[keys] 339 340 Cherokee fully supports the usage of different certificates for each 341 virtual server in a given host, be it using SNI as defined in 342 link:http://www.rfc-archive.org/getrfc.php?rfc=3546[RFC 3546] or by 343 elegantly respinning the secure handshake. cherokee/trunk/doc/other_goodies.txt
r1844 r1891 93 93 ~~~~~~~~~~~~~~~~~ 94 94 You might have been told elsewhere that named virtual hosts in SSL 95 cannot be supported because a web server cannot see the hostname96 header when the SSL request is being processed. Technically this might 97 have been correct in the past. The first thing that the server has to 98 do is to connect with the other end by using SSL/TLS, so at that 99 point, before it receives the HTTP client request, the crypto 'magic' 100 already needs to have happened.95 cannot be supported without SNI (Server Name Indication) because a web 96 server cannot see the hostname header when the SSL request is being 97 processed. Technically this might have been correct in the past. The 98 first thing that the server has to do is to connect with the other end 99 by using SSL/TLS, so at that point, before it receives the HTTP client 100 request, the crypto 'magic' already needs to have happened. 101 101 102 102 However, nothing is forever.. and that applies to SSL/TLS connections … … 104 104 virtual server, and the magic occurs: SSL supporting several 105 105 certificates on the same IP address and port. 106 107 If SNI is supported by your SSL/TLS library, nothing of this needs to 108 happen because the host info can be put in the SSL handshake. Things 109 will simply work as long as there is a web browser with SNI support at 110 the other side. Currently every modern web browser supports this.