Mailing List ecs-isp@2rosenthals.com Archived Message #1061 previous message next message tilbake listen

Fra: "Steven Levine" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Emne: Re: [eCS-ISP] Getting started with Let's Encrypt
Dato: Sat, 07 Dec 2024 20:43:30 -0800
Til: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-11330746@2rosenthals.com>, on 12/08/24
   at 03:07 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:

Hi Peter,

>This seems to be the answer. The Wikipedia article on SNI says that the
>feature was introduced in 2003, to solve precisely the problem I'm asking
>about, so it's not surprising that Apache can do it.

I think you found the answer.  See also

  https://cwiki.apache.org/confluence/display/httpd/NameBasedSSLVHostsWithSNI

which circa 2019.

>In fact the Wikipedia article effectively says that, prior to SNI, secure
>servers could only host one domain, because of the difficulty of getting
>certifcates that covered multiple domains.

2003 was long ago, so support for SNI on the server must be almost
universal these days.

>(I am now starting to understand that the whole point of "hello
>extensions" in TLS is to work around bugs in the original SSL design.)

It's also to allow for the fact that nothing is going to remain perfect
unless the world stops changing.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
Abboner: Feed, Digest, Index.
Stopp abbonement
E-post til ListMaster