[arch-dev-public] bbs.archlinux.org is now switched to https only!

Thomas Bächler thomas at archlinux.org
Fri Jul 16 05:19:49 EDT 2010


On 16.07.2010 11:15, Pierre Schmitz wrote:
> Didn't we have a discussion about this some time ago? Point 1) is
> simply not true. A SNI compatible client is not needed here. (at least
> if you haven't altered the ssl config)

If I remember correctly, it is correct. Fact is that lighttpd can do it
without SNI, but Apache can't. Apache needs to know which vhost to
consider before being able to set up SSL, as SSL is not a global
setting, but bound to the vhost.

If SNI is not needed, then there is some _undocumented_ Apache magic:
Maybe Apache chooses the default vhost, then sees it is on the wrong
vhost, and switches the context again ... this will work if both vhosts
use the same certificate. As I said, Apache documentation explicitly
states that this is not possible.
