Fred K Ollinger on Sun, 29 Dec 2002 01:41:03 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] apache+ssl question


> is it true for a fact that SSL support in apache will work
> only on ONE IP address + port for each ssl server?  I've tried
> many times last nite to try to make each virtualhost
> listen on its own SSL connnection to no success:

Which version of apache?

I'm working on ssl right now, and I still haven't gotten this far, so I'd
like to know what to expect.

I am running apache-2.1-dev, though.

It works fine, but I really don't see how it's better than apache 1.3,
except that it is required for subversion. I heard that it has better
performance, faster, more secure, but on a 200 mhz, pII, 128 mb ram, I
have not noticed any difference at all save that perhaps apache2 seems to
start a little slower. Also, it's annoying to have to recompile everything
for apache2, but if try to use enough apache features, I feel that you'll
probably want to compile everything anyway. Besides, there was a time (a
few hours?) where there wasn't a secure binary of apache1.3 for my distro.
I changed to apache2 the day that they revealed the last hole in ssl,
IIRC, 0.96f.

Fred

>
> NameVirtualHost 1.2.3.4
>
> <VirtualHost 1.2.3.4 1.2.3.4:443>
> ServerName myvirtualhost1
> SSLEnable
> ...
> ...
> <VirtualHost 1.2.3.4 1.2.3.4:443>
> ServerName myvirtualhost2
> SSLEnable
> ...
> ...
> <VirtualHost 1.2.3.4 1.2.3.4:443>
>
> No matter how hard I try I always revert back to having
> only 1 SSL virtual server.  In this example, Apache complains
> and servers SSL only on the first virtual host: myvirtualhost1.
>
> Further google'ing points to the fact that there is
> a "chicken and egg" problem that this is due for technical
> reasons, that there can be only 1 SSL per IP+port.
>
> Before I think of other ways around this (SSL on multiple ports,
> or maybe some creative port redirection), I just want
> to verify again,
>
> Only 1 SSL host per IPaddress + Port, right?
>
> thanks for reading,
> E. Pike / JondZ
> _________________________________________________________________________
> Philadelphia Linux Users Group        --       http://www.phillylinux.org
> Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
>

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug