[joomla] SSL virtual hosting
Gary A. Mort
garyamort at gmail.com
Mon Nov 25 08:39:03 EST 2013
I hadn't looked at how SSL works on web servers for a number of years.
The last time I worked with SSL the common rule was that you had to have
a distinct IP address for every domain name that you wanted to use SSL
for[so you could have an SSL certificate for each different domain]
Heck, even the Apache Wiki still states it in some places:
http://wiki.apache.org/httpd/NameBasedSSLVHosts
However, when poking around I ran across references to SNI and using
multiple certificates for the same IP Address.
http://www.ietf.org/rfc/rfc4366.txt This dates all the way back to 2006,
so it has been around for quite a while!
Browser support for it goes back a good way as well:
http://en.wikipedia.org/wiki/Server_Name_Indication#Browsers_with_support_for_TLS_server_name_indication.5B6.5D
Interestingly, for Internet Explorer it isn't the browser version which
matters, but the operating system, IE uses the operating system to
perform SSL encryption. This means that it won't work in IE on Windows
XP or any earlier windows operating system. It will work for Internet
Explorer on Windows Vista[released in 2007] and any later windows
operating system.
As such, it's a fair to say that SSL for virtual hosts will work for
almost all users these days - and there is no reason not to enforce the
use of SSL for the Joomla Admin section as well as make sure that all
your admin users, at the very least, use SSL when they log on to your
websites.
This may be old news to everyone here, but since it was new to me I
figured I'd pass it on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20131125/727c1533/attachment-0001.html>
More information about the Joomla
mailing list