Changes between Initial Version and Version 2 of Ticket #48


Timestamp:
Feb 11, 2008, 12:29:21 PM (16 years ago)
Author:
presbrey
  • Ticket #48

    • Property Priority changed from major to critical
  • Ticket #48 – Description

    initial  v2
    1        1   Currently lockername.scripts.mit.edu gives a certificate error.  We have a valid certificate for *.scripts.mit.edu but it is currently not used.  The problem is that (modulo recent extensions) the HTTPS protocol doesn’t support sending the virtual host name before the server must decide which certificate to present.
    2        2
    3            There have been two proposed solutions.  One is to use the [http://en.wikipedia.org/wiki/Server_Name_Indication SNI extension].  This requires upgrading mod_ssl to at least 0.9.8f, [https://sni.velox.ch/misc/httpd-2.2.6-sni.patch patching mod_ssl], and using relatively recent browsers (old browsers will fall back to the current behavior).
             3   There have been two proposed solutions.  One is to use the [http://en.wikipedia.org/wiki/Server_Name_Indication SNI extension].  This requires upgrading '''OpenSSL''' to at least 0.9.8f, [https://sni.velox.ch/misc/httpd-2.2.6-sni.patch patching mod_ssl], and using relatively recent browsers (old browsers will fall back to the current behavior).
    4        4
    5        5   The other is to move *.scripts.mit.edu to a separate IP from scripts.mit.edu, so that the server knows which certificate to present based on the IP.  This is less general (we can’t extend this to work with arbitrary vhosts), but we could probably implement it now.