Opened 8 years ago

Closed 6 years ago

#3668 closed Bug/Something is broken (fixed)

Support SNI (Server Name Indication) for HTTPS

Reported by: Daniel Kahn Gillmor Owned by: Jamie McClelland
Priority: Medium Component: Tech
Keywords: https sni apache nginx openssl Cc:
Sensitive: no

Description

May First/People Link should offer Server Name Indication (SNI) support on its standard servers.

I think mod_ssl with openssl under debian lenny does not currently support this automatically, but the same tools on debian squeeze (not yet released) should support it, if i'm understanding them right.

Another approach would be to use nginx from a recent-enough version to provide proxy service somehow, but i think this depends on versions in squeeze too.

Anyway, even if this ticket doesn't get immediately resolved, i wanted to put it on the to-do list, since most browsers out there finally have SNI support, and it would let us do HTTPS more easily (without requiring one IP address per vhost)

Change History (3)

comment:1 Changed 7 years ago by Daniel Kahn Gillmor

Resolution: fixed
Status: newclosed

We are now running debian squeeze, and mod_ssl supports SNI automatically in this version.

comment:2 Changed 6 years ago by Daniel Kahn Gillmor

Resolution: fixed
Status: closedassigned

This isn't actually fixed yet, because of limitations in red.

comment:3 Changed 6 years ago by Daniel Kahn Gillmor

Resolution: fixed
Status: assignedclosed

ross and i resolved this tonight, with the conclusion of #7401. The first hosting order to make use of this new functionality is https://red.dev.mayfirst.org

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.