another drawback

Posted Jan 3, 2008 8:15 UTC (Thu) by TRS-80 (subscriber, #1804)
In reply to: another drawback by mattdm
Parent article: The future of unencrypted web traffic

Firefox 2, Opera 8 and IE7 (on Vista) all support TLS SNI (RFC 3546), so it's probably feasible to start deploying widely in a year or two (which is sooner than IPv6 will become mainstream). Try out your browser at https://carol.sni.velox.ch/.



another drawback

Posted Jan 3, 2008 11:48 UTC (Thu) by sitaram (subscriber, #5959)

It's RFC 4366 now.

another drawback

Posted Jan 3, 2008 12:10 UTC (Thu) by redenisc (subscriber, #43086)

Browser support for SNI is improving indeed. What about server support,
though? OpenSSL supports SNI as of 0.9.9, which is not released at the time
of writing. Hence Apache mod_ssl does not support SNI, hence most deployed
HTTP servers will not support SNI for the next few years.

another drawback

Posted Jan 3, 2008 13:31 UTC (Thu) by tialaramex (subscriber, #21167)

Bulk hosting is the main application though, and the people doing bulk hosting already have
some guy with a beard and a hand-modified version of Perl working for them so this isn't so
scary. A lot of them still run Linux 2.4, have their own CVS tree for Apache, that sort of
thing.

This is the right way round to deploy stuff anyway: you only need one server to provide the
service, but you need as many user agents as possible to support it, or it's useless. If in
2008 just one company, say Dreamhost, offer this as a service, but 95% of people with web
browsers have a new enough one that it supports SNI, then you've got something useful. The
opposite way around would be completely worthless.

another drawback

Posted Jan 3, 2008 13:55 UTC (Thu) by cortana (subscriber, #24596)

FYI, SNI was backported to OpenSSL 0.9.8g, and there is a patch in Apache's bug tracking
system which works fine in my informal tests (which included backporting OpenSSL 0.9.8g to the
current stable release of Debian, and rebuilding Apache on same--both tasks were nice and
easy). :)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds