Nachricht #1061 aus Archiv der Liste ecs-isp@2rosenthals.com

Von: "Steven Levine" <ecs-isp@2rosenthals.com> Kopfzeilen anzeigen
E-Mail Quelltext
Betreff: Re: [eCS-ISP] Getting started with Let's Encrypt
Datum: Sat, 07 Dec 2024 20:43:30 -0800
An: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-11330746@2rosenthals.com>, on 12/08/24
   at 03:07 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:

Hi Peter,

>This seems to be the answer. The Wikipedia article on SNI says that the
>feature was introduced in 2003, to solve precisely the problem I'm asking
>about, so it's not surprising that Apache can do it.

I think you found the answer.  See also

  https://cwiki.apache.org/confluence/display/httpd/NameBasedSSLVHostsWithSNI

which circa 2019.

>In fact the Wikipedia article effectively says that, prior to SNI, secure
>servers could only host one domain, because of the difficulty of getting
>certifcates that covered multiple domains.

2003 was long ago, so support for SNI on the server must be almost
universal these days.

>(I am now starting to understand that the whole point of "hello
>extensions" in TLS is to work around bugs in the original SSL design.)

It's also to allow for the fact that nothing is going to remain perfect
unless the world stops changing.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------


Abonnieren: Nachricht (Feed), Sammelnachricht (Digest), Index.
Abmelden
E-Mail an ListMaster