Discussion about SSL, TLS and SPDY

3 posts / 0 new
Last post
#1 Thu, 04/17/2014 - 05:10
amityweb

Discussion about SSL, TLS and SPDY

Hi all!

Firstly, we do not use SSL on all our sites because of the requirement to have a dedicated IP per domain, and then the cost of SSLs. Everyone wants low cost hosting, to charge SSL on top of that would not be acceptable to a lot of customers, and server providers always seem reluctant to give out IP addresses. Imagine the cost of a server with 100 websites, so 100 IPs and 100 SSLs.

I have discovered SPDY. I am always looking into speeding up websites. But this requires https://, so I thought individual IPs and SSLs per domain.

But a thread I started here https://groups.google.com/forum/#!topic/spdy-dev/z73BNW3sm8U, states we do NOT need an individual SSL and IP per domain, we can use TLS. I am not familiar with this.

So I wanted to start a discussion on the subject, mainly...

Can we therefore secure websites using https without the need for separate domains and IP addresses per domain (so using TLS), then we can also take advantage of SPDY, and how would we do this in Virtualmin/Webmin?

Thanks!

Thu, 04/17/2014 - 10:50
andreychek

Howdy,

It looks like they're suggesting the use of SNI.

SNI does indeed allow you to run with multiple SSL Certificates on one IP address.

That's only supported by newer browsers though -- if you need support by all browsers, that could cause some problems.

Using it is as simple as enabling SSL on multiple domains though on the same IP address.

-Eric

Sun, 04/20/2014 - 14:01
Locutus

Here's a list of software that does NOT support SNI: http://en.wikipedia.org/wiki/Server_Name_Indication#No_support

I think with the end of support for Windows XP, i.e. this dinosaur of an OS will hopefully vanish sometime soon, it's not as important anymore to support Internet Explorer on XP, which looks like the only major browser that does not support SNI at this point.

Topic locked