From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11330752 for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 23:52:50 -0500 Received: from [192.168.200.201] (port=50323 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1tK9Hc-00000000501-1Mch for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 23:52:40 -0500 Received: from mta-202b.earthlink-vadesecure.net ([51.81.232.241]:46847 helo=mta-202a.earthlink-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1tK9HX-000000003xe-09wI for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 23:52:35 -0500 DKIM-Signature: v=1; a=rsa-sha256; bh=etx9VGa6ZM1aMbpQujiODeYJo5LlTI+SzMgcly Q8f2M=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1733633554; x=1734238354; b=ao7YZZiayv5aS/vjhepIdEWy06K UAVh+GDjg8nUIH5zeHGz/Ev7cDfq2waZgRovL/vkGUV3W76nmAboPyJwkH2fX2ehOSsJaCm 0Su1Ue5rqEQRyfXkFJIh2ZestV5DDfsmtw11+f+aDdjWHrfazNrJ9RMiV01cs/Zd7NOGMCw 1rEVnGwyJNKRqXzo2V7gbIIFzSQnZmr8E4Q4t4FtY4hJYWG6vSt45ysEB6H3eyNohLKjNJ3 Oxhn5KDqELITqVPVJUFSSezbMMbfDU9+MiA0BXC4478Ydab9GNfhhzyiJaWmQRe14Vo+k6c ll0+ltM7N2OTRr80/7/h1FTazbWL9JQ== Received: from slamain ([172.56.178.196]) by vsel2nmtao02p.internal.vadesecure.com with ngmta id cedaf7d2-180f1a883569028e; Sun, 08 Dec 2024 04:52:33 +0000 Message-ID: <675523f2.5.mr2ice.fgrirsq@earthlink.net> Date: Sat, 07 Dec 2024 20:43:30 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Getting started with Let's Encrypt X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 12/08/24 at 03:07 PM, "Peter Moylan" said: Hi Peter, >This seems to be the answer. The Wikipedia article on SNI says that the >feature was introduced in 2003, to solve precisely the problem I'm asking >about, so it's not surprising that Apache can do it. I think you found the answer. See also https://cwiki.apache.org/confluence/display/httpd/NameBasedSSLVHostsWithSNI which circa 2019. >In fact the Wikipedia article effectively says that, prior to SNI, secure >servers could only host one domain, because of the difficulty of getting >certifcates that covered multiple domains. 2003 was long ago, so support for SNI on the server must be almost universal these days. >(I am now starting to understand that the whole point of "hello >extensions" in TLS is to work around bugs in the original SSL design.) It's also to allow for the fact that nothing is going to remain perfect unless the world stops changing. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------