[Python-ideas] Fwd: PEP 3156: getting the socket or peer name from the transport
Yuval Greenfield
ubershmekel at gmail.com
Sun Jan 27 18:41:28 CET 2013
On Sun, Jan 27, 2013 at 7:11 PM, Umbrella Code <shane at umbrellacode.com> wrote:
> It's been a few years so my memory must be rusty, but where is the https
> protocol dependent on the transport/SSL setup in that way?
>
> Sent from my iPad
>
> Begin forwarded message:
>
>
I can't speak for Antoine but I'm guessing he's talking about SNI:
* a VPS server hosts 2 sites with 2 certificates for "mysite.com" and
"yoursite.com"
* the original TCP server has no idea which cert to use as both sites share
the same IP address and port.
* the solution is the client sends the hostname in the TLS handshake.
So the DNS or HTTP line "host: mysite.com" is also used in the TLS layer.
This example agrees with Antoine but it's in the reverse direction, so
maybe he has another one in mind.
http://en.wikipedia.org/wiki/Transport_Layer_Security#Support_for_name-based_virtual_servers
http://en.wikipedia.org/wiki/HTTP_Secure#Limitations
http://en.wikipedia.org/wiki/Server_Name_Indication
Yuval