A short note of what I understood.
For french speaking persons, have a look here : Mimiz explained that much better than I do !
Before Apache 2.2.12, if you set up multiple Virtual Host with SSL configuration, you owuld end up with a warning like this :
For french speaking persons, have a look here : Mimiz explained that much better than I do !
Before Apache 2.2.12, if you set up multiple Virtual Host with SSL configuration, you owuld end up with a warning like this :
[warn] vhost2 VirtualHost overlap on port 443, the first (vhost1) has precedence
You could set up as many SSL VHost configuration you want, on ly the first one would be used, sometime resulting in client warnings because wrong certificate was served.
From 2.2.12 and on, OpenSSL (shipped with Apache) uses the SSL extension named SNI (which stands for Server Name Identification). This extension allows Apache to send the right certificate, according to the domain requested.
But client AND server have to use this SNI thing, and of course some clients do not follow the rule...follow my gaze.
According to the wiki page :
No support
The following combinations do not support SNI:
- Internet Explorer (any version) on Windows XP or Internet Explorer 6 or earlier
- Safari on Windows XP
- BlackBerry Browser
- Windows Mobile up to 6.5[33]
- Android default browser on Android 2.x[34] (Fixed in Honeycomb for tablets and Ice Cream Sandwich for phones)
- wget before 1.14
In short, If you have to support IE on XP, you'll have to have as many IP addresses as desired domains.
No comments:
Post a Comment