[dokuwiki-teams] Re: [infrastructure] Re: new tasks?

  • From: Dennis Ploeger <develop@xxxxxxxxxxxxxx>
  • To: Andreas Gohr <andi@xxxxxxxxxxxxxx>, "" <dokuwiki-teams@xxxxxxxxxxxxx>
  • Date: Tue, 03 Jul 2012 17:50:44 +0200

Hi!

> As far as I understand it, the whole HTTP traffic is encrypted by SSL.
> This includes the Host header which Apache would use for determining
> the correct vHost. SNI is a workaround to send the host name
> unencrypted. Or that's how I understand it. But I'm no expert on this
> stuff. I just want to make sure we don't make our sites less
> accessible to any potential users, especially those in corporations
> where IE+WinXP is in common use.
> 
> If I'm correct with how I understand it, we're using SNI currently
> (because we use a single IP) so could anyone try accessing our sites
> via HTTPS from an XP-based IE?

I've read the Wikipedia article about it now, and I guess that SNI is not used
when using SANs, because...

SNI comes into effect when a virtual host has certificate A and another
virtual host has certificate B. So Apache cannot guess which certificate to
choose and present to the browser. (That would be in a shared hosting with
different customers that need distinct certificates.)

In our scenario we simply use one certificate that is configured for every
virtual host, so the certificate that is sent to the browser is always the
same, but using the SANs the browser sees that the requested hostname is a
valid hostname within the certificate.

At least, that's what I understand. Can somebody do what Andi asked and 
validate this?

Kind regards
Dennis
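
The two setups discussed in this message, as an added example that is not part of the original post or of DokuWiki's configuration: a small Python model of server-side certificate selection and the client's SAN check, with and without SNI. It is a model only (no sockets, no real X.509); the `Cert`, `Server`, `san_matches` and `client_accepts` names and all `example.org` hostnames are constructed for illustration.

```python
# Model only: no TLS library involved. All names and hostnames are constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Cert:
    name: str
    sans: list  # dNSName entries from subjectAltName

@dataclass
class Server:
    default_cert: Cert                               # certificate of the default vhost
    vhost_certs: dict = field(default_factory=dict)  # server_name -> Cert

    def select_cert(self, sni: Optional[str]) -> Cert:
        """Pick the certificate before any HTTP Host header can be read."""
        if sni is not None and sni.lower() in self.vhost_certs:
            return self.vhost_certs[sni.lower()]
        return self.default_cert  # no SNI (or unknown name): fall back to default

def san_matches(hostname: str, san: str) -> bool:
    """dNSName comparison; a wildcard covers exactly one left-most label."""
    host, pat = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if pat.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pat[2:]
    return host == pat

def client_accepts(server: Server, hostname: str, sends_sni: bool) -> bool:
    """Client-side check: does the presented certificate cover the requested host?"""
    cert = server.select_cert(hostname if sends_sni else None)
    return any(san_matches(hostname, s) for s in cert.sans)

# Shared hosting: certificate A and certificate B behind one IP address.
cert_a = Cert("A", ["a.example.org"])
cert_b = Cert("B", ["b.example.org"])
per_vhost = Server(cert_a, {"a.example.org": cert_a, "b.example.org": cert_b})

# One certificate configured for every vhost, hostnames listed as SANs.
shared = Cert("shared", ["www.example.org", "bugs.example.org", "*.wiki.example.org"])
single = Server(shared, {h: shared for h in ("www.example.org", "bugs.example.org")})

if __name__ == "__main__":
    for label, srv, host in (("per-vhost", per_vhost, "b.example.org"),
                             ("single SAN", single, "bugs.example.org")):
        for sni in (True, False):
            ok = client_accepts(srv, host, sni)
            print(f"{label:10} host={host:17} sni={sni!s:5} ok={ok}")
```

In the model, only the per-vhost setup fails for a client that sends no SNI, because the server falls back to certificate A for a request meant for `b.example.org`.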
