Introduction
Until a week ago I had been using Windows® XP, as the corporate standard prescribes. But having started looking into Microsoft SharePoint 2010, I was allowed to switch to Windows® 7 x64. (The switch also included a very nice MSDN license, thus giving me access to loads of Microsoft sweetness.) The x64 stands for 64-bit, of course.
The change from 32 to 64 bits went quite smoothly, except for one minor hiccup. There is no 64-bit client for Cisco VPN.
There are free and open-source VPN clients that are compatible with Cisco and have 64-bit versions, but they could not be used in this case.
The gnutls and gcrypt packages were updated for Ubuntu 8.04, but they are still not right for mod_gnutls.
- libgnutls-dev (2.0.4-1ubuntu2.5)
- libgnutls13 (2.0.4-1ubuntu2.5)
- gnutls-bin (2.0.4-1ubuntu2.5)
- libgcrypt11-dev (1.2.4-2ubuntu7)
- libgcrypt11 (1.2.4-2ubuntu7)
Categories: Architecture Tags: apache, gnutls, http, https, mod_gnutls, mod_ssl, openssl, ssl, TLS, ubuntu, Virtual Hosting
Introduction
Normally, having multiple virtual hosts on Apache with HTTPS is not possible. HTTPS is short for HTTP/SSL, which means HTTP encapsulated by SSL (Secure Sockets Layer). This means the HTTP traffic sent to the Apache web server is encrypted using SSL.
The VirtualHost definitions in the Apache configuration are used to specify the SSL options. To know which VirtualHost to use, Apache inspects the HTTP header for the “Host” field. With HTTPS, the HTTP header can only be read after the SSL connection has been established, so technically Apache cannot know which VirtualHost definition to use to set up the SSL connection.
Apache could use the correct SSL options if it knew which VirtualHost definition it should use, and luckily that is possible. SSL supports several encryption protocols, the newest being TLS (Transport Layer Security). Technically this is a replacement for SSL and would result in HTTP/TLS instead of HTTP/SSL. TLS has a feature called SNI (Server Name Indication), which is the equivalent of HTTP’s “Host” field.
There are a few problems with SNI, though. The standard SSL/TLS module that comes with Apache is mod_ssl, which is based on OpenSSL. Unfortunately, OpenSSL does not support SNI in its TLS implementation yet. It has been added to OpenSSL 0.99 and backported to 0.98, but mod_ssl doesn’t support it. GnuTLS is an alternative to OpenSSL, and it does support the SNI feature in TLS. A GnuTLS-based module for Apache is mod_gnutls, but this is not available as an Ubuntu binary. Internet Explorer 7 only supports SNI on Windows Vista, thus causing the same problem as SSL on Windows XP.
Categories: Architecture Tags: apache, gnutls, http, https, mod_gnutls, mod_ssl, openssl, ssl, TLS, ubuntu, Virtual Hosting