[thelist] quick ssl question

Judah McAuley judah at alphashop.com
Tue Nov 28 17:33:38 CST 2000


>
>Horse's mouth???
>
>http://sitesearch.netscape.com/eng/ssl3/draft302.txt

Great reference.  That document specifies that the SSL Handshake protocol 
takes place *prior* to any application data transmission.  This would 
explain why you can't use host headers to have multiple SSL certificates on 
a single IP address.  The handshake/encryption happens prior to the host 
header being sent, so all you have is the IP layer information (IP address 
and port number).

So I feel a bit more confident saying that any https url's found in referer 
logs are there because of browser programming, rather than urls being 
unencrypted.

Judah





More information about the thelist mailing list