undefined | Better HN

0 pointsaaronblohowiak13y ago0 comments

We wouldn't need SSL with name-based virtual hosts if web browsers could use SRV records (and thus connect to different ports, so the server would know which cert to cough up without requiring the name.)

0 comments

kelnos13y ago

This doesn't really scale. Every SSL-protected vhost then needs its own port on the server. In current practice there are probably plenty of free ports, but it just seems like a poor choice overall.

(Regardless, as I mentioned above, name-based vhosts work just fine with HTTPS, using SNI. Much easier to fill in the gaps in browser support for SNI than to get everyone to adopt SRV records.)

j / k navigate · click thread line to collapse

0 pointsaaronblohowiak13y ago0 comments

0 comments

kelnos13y ago

This doesn't really scale. Every SSL-protected vhost then needs its own port on the server. In current practice there are probably plenty of free ports, but it just seems like a poor choice overall.

(Regardless, as I mentioned above, name-based vhosts work just fine with HTTPS, using SNI. Much easier to fill in the gaps in browser support for SNI than to get everyone to adopt SRV records.)

j / k navigate · click thread line to collapse