Re: The ability to automatically upgrade a reference to HTTPS from HTTP

On 2014-08 -23, at 20:32, Michael Brunnbauer <> wrote:

> Hello Tim,
>> I'm not sure I understand your argument.
>> That's fine if they have the same content for http and https
> [...]
> So if an administrator has 10 HTTP/1.1 sites on the same IP and wants
> to add a https version of one of those sites, what does he do? Will he
> create a SSL version for every site in the configuration although all but
> one of them will be useless and lead to a certificate error? Of course not.

You are referring I think to the problem with HTTPS virtual hosting in general. With SSL and X.509 as originally designed, virtual hosting does not work. That is a general problem with HTTPS.  There are many reasons you can point to why using HTTPS is a pain.  But that is a separate issue.

(See e.g. and )-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04  etc)

I wonder what stage SNI adoption is at.

You suggest that if clients try to just add a 's' to an existing URL, that because of the HTTPS virtual hosting problem, they will often find a random HTTPS server from another domain answering in fact, with untrusted cert, where the server admin has had no simple option but to configure it that way.
Now I understand your point I think.


Received on Sunday, 24 August 2014 03:01:31 UTC