[thelist] quick ssl question
Judah McAuley
judah at alphashop.com
Tue Nov 28 17:33:38 CST 2000
>
>Horse's mouth???
>
>http://sitesearch.netscape.com/eng/ssl3/draft302.txt
Great reference. That document specifies that the SSL Handshake protocol
takes place *prior* to any application data transmission. This would
explain why you can't use host headers to have multiple SSL certificates on
a single IP address. The handshake/encryption happens prior to the host
header being sent, so all you have is the IP layer information (IP address
and port number).
So I feel a bit more confident saying that any https url's found in referer
logs are there because of browser programming, rather than urls being
unencrypted.
Judah
More information about the thelist
mailing list