LinuxSA Mailing list archives

  From: Geoffrey D. Bennett <g@netcraft.com.au>
  To  : Ben Donohue <donohueb@bvm.com.au>
  Date: Thu, 1 Apr 1999 15:59:55 +0930 (CST)

Re: ssl and ip masquerade

> i've heard (read) that virtual hosts in apache will not work with ssl.
> so in order to use ssl with apache, you need different ip numbers for
> each site (domain name etc).
> 
> the question is,
> will ssl work with one of the private ip numbering ranges (192.168.0.0)
> and then masqueraded out to one public ip address, such that many
> different sites have one public ip address and then masqueraded to the
> private 192.168.0.0 ssl server,

No, it won't.

> or
> you need one public ip address for every different site for ssl and
> apache?

Yes, but the limitation is in the protocol, not in Apache.

It's a catch-22:
- the server needs to know which virtual host is being contacted
  before it can negotiate an SSL connection
- the server doesn't find out which host is being contacted until the
  HTTP request is sent (unless you have separate IP addresses for each
  virtual host)
- the HTTP request can't be sent until SSL has been negotiated (after
  all, you are encrypting this information)

Regards,
-- 
Geoffrey D. Bennett (geoffrey@netcraft.com.au)
Computer Systems Manager, NetCraft Australia
http://www.netcraft.com.au/geoffrey/
Red Hat Linux Resellers: http://www.netcraft.com.au/linux/
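
The ordering problem described in the message above, as an added example that is not part of the original post: a Python sketch that parses a constructed TLS 1.0 ClientHello with no extensions (matching the protocol as the message describes it) and shows that none of its fields names a site, while the Host header only arrives after the handshake. The address 203.0.113.10, the host names, and the rule that the first site listed supplies the default certificate for an address are assumptions for illustration.

```python
import struct

def build_client_hello():
    """Constructed sample: a TLS 1.0 ClientHello with no extensions."""
    body = (b"\x03\x01" + bytes(32)          # version, random (zeroed sample)
            + b"\x00"                        # empty session_id
            + b"\x00\x04\x00\x0a\x00\x05"    # two cipher suites
            + b"\x01\x00")                   # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

# Constructed sample: the request the client sends only after the handshake.
HTTP_REQUEST = b"GET / HTTP/1.0\r\nHost: shop.example\r\n\r\n"

def parse_client_hello(record):
    """List everything the server knows when it must pick a certificate."""
    ctype, _major, _minor, rec_len = struct.unpack(">BBBH", record[:5])
    if ctype != 0x16 or rec_len != len(record) - 5 or record[5] != 0x01:
        raise ValueError("not a complete ClientHello record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                              # skip version and random
    pos += 1 + body[pos]                      # session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    suites = [body[i:i + 2].hex() for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                      # compression methods
    return {"version": tuple(body[:2]), "cipher_suites": suites,
            "bytes_after_compression": len(body) - pos}

def host_header(request):
    """Return the Host header value from a plaintext HTTP request."""
    for line in request.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode()
    return None

# Hypothetical setup: two sites masqueraded behind one public address.
SITES_BY_ADDRESS = {"203.0.113.10": ["www.example", "shop.example"]}

def simulate(dest_ip):
    hello = parse_client_hello(build_client_hello())
    # Handshake time: only dest_ip and the hello fields exist. None names a
    # site, so the server can only send the address's default certificate.
    cert_for = SITES_BY_ADDRESS[dest_ip][0]
    # Only now, inside the negotiated session, does the Host header arrive.
    wanted = host_header(HTTP_REQUEST)
    return hello, cert_for, wanted, cert_for == wanted
```
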
