- 论坛徽章:
- 0
|
看了apache的官方文档http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html
是如下说明:
Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo!
但是在实际操作过程中却可以做基于ssl的namevirtualhost
哪位知道为什么啊?
我看到在《Apache管理员手册》--(美)Rich Bowen著 LinuxAID网站翻译
P207中明确说明:
人们的一个常见问题就是如何使得基于名字的虚拟主机和ssl一起工作,答案是不可以的。基于名字的虚拟主机依赖于http请求的主机名信息,而证书核实发生在ssl连接被建立而且没有http数据头被发送的时候。有一个协议用于把一个已有的http连接升级到TLS,但是当前的浏览器几乎都不支持此功能(RFC2817)
情哪位朋友知道的,可以说说看! |
|
免费注册
发表于 2003-11-25 22:00