Using certificates for shared hosting accounts.

kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Post by kaisellgren »

Hi,

I was reading RFC 3546 and I noticed something interesting I was not aware of earlier:

"Allow TLS clients to provide to the TLS server the name of the server they are contacting. This functionality is desirable to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address."

It seems that TLS Extensions allow the use of a name-based virtual host within the handshake portion. This means that if the client and the server support this, we could use non-wildcard certificates for shared hosting accounts like this: https://my-shared-hosting-account.com/

This feature is welcome; however, as far as I can see from Firefox's source code, I do not see this implemented :(. Firefox simply opens the handshake and specifies the IP address, gets the proper certificate and keys, initializes the connection to a name-based virtual host, notices it does not match and pops up an ugly error of domain mismatch. I actually understand this: Transport Layer Security (TLS) Extensions is not a standard way of doing things, but rather an extension to the standard TLS. I just hope this gets implemented in mainstream web browsers (as well as in the web hosts) in the future.
mikemike
Forum Contributor
Posts: 355
Joined: Sun May 24, 2009 5:37 pm
Location: Chester, UK

Re: Using certificates for shared hosting accounts.

Post by mikemike »

That'd be handy. Lazy swines.