(original) (raw)

On Sun, Jan 27, 2013 at 7:11 PM, Umbrella Code <shane@umbrellacode.com> wrote:

It's been a few years so my memory must be rusty, but where is the https protocol dependent on the transport/SSL setup in that way?

Sent from my iPad

Begin forwarded message:

I can't speak for Antoine but I'm guessing he's talking about SNI:

* a VPS server hosts 2 sites with 2 certificates for "mysite.com" and "yoursite.com"

* the original TCP server has no idea which cert to use as both sites share the same IP address and port.

\* the solution is the client sends the hostname in the TLS handshake.�

So the DNS or HTTP line "host: mysite.com" is also used in the TLS layer. This example agrees with Antoine but it's in the reverse direction, so maybe he has another one in mind.

http://en.wikipedia.org/wiki/Transport\_Layer\_Security#Support\_for\_name-based\_virtual\_servers

http://en.wikipedia.org/wiki/HTTP\_Secure#Limitations

http://en.wikipedia.org/wiki/Server\_Name\_Indication

Yuval