2 Replies Latest reply on Nov 19, 2008 11:56 AM by ericjava

    TLS extension for hostnames

      TLS has a cool feature which makes it easy to do virtual hosts, with TLS, all on one IP address. From: http://www.faqs.org/rfcs/rfc3546.html

      3.1. Server Name Indication
      
       TLS does not provide a mechanism for a client to tell a server the
       name of the server it is contacting. It may be desirable for clients
       to provide this information to facilitate secure connections to
       servers that host multiple 'virtual' servers at a single underlying
       network address.
      
       In order to provide the server name, clients MAY include an extension
       of type "server_name" in the (extended) client hello. The
       "extension_data" field of this extension SHALL contain
       "ServerNameList" where:
      


      Does JBoss AS support this? It would be very handy to have multiple virt. hosts on one IP address and let them use their own SSL certs, but I can't figure out a way to configure that within the embedded Tomcat and I don't even know if it supports it.
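The "server_name" extension quoted from RFC 3546 above, shown as an added example that is not part of the original post and is not JBoss or JSSE code: a bounds-checked parser that pulls the host_name entries out of a ClientHello body and uses them to choose a per-virtual-host certificate. The function names, host name and certificate aliases are assumptions made for illustration, and the sample hello is constructed.

```python
# Added example; names here are illustrative, not a JBoss or JSSE API.
HOST_NAME = EXT_SERVER_NAME = 0   # NameType host_name, ExtensionType server_name
class Reader:
    """Bounds-checked cursor over a TLS structure."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated TLS structure")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def vec(self, len_bytes):     # vector with a big-endian length prefix
        return self.take(int.from_bytes(self.take(len_bytes), "big"))
    def done(self):
        return self.pos == len(self.data)

def server_names(hello_body):
    """Host names from a ClientHello body (handshake header already stripped)."""
    r = Reader(hello_body)
    r.take(2 + 32)            # client_version, random
    r.vec(1)                  # session_id
    r.vec(2)                  # cipher_suites
    r.vec(1)                  # compression_methods
    if r.done():
        return []             # plain client hello, no extensions, no SNI
    exts, names = Reader(r.vec(2)), []
    while not exts.done():
        ext_type = int.from_bytes(exts.take(2), "big")
        ext_data = exts.vec(2)
        if ext_type != EXT_SERVER_NAME:
            continue
        entries = Reader(Reader(ext_data).vec(2))   # ServerNameList
        while not entries.done():
            name_type, value = entries.take(1)[0], entries.vec(2)
            if name_type == HOST_NAME:
                names.append(value.decode("ascii").lower())  # ASCII-only here
    return names

def pick_certificate(names, vhost_certs, default):
    """Certificate alias for the first requested name that has a virtual host."""
    return next((vhost_certs[n] for n in names if n in vhost_certs), default)

def _vec(len_bytes, payload):
    return len(payload).to_bytes(len_bytes, "big") + payload

def sample_hello(host):
    """Constructed ClientHello body carrying one host_name entry."""
    ext = b"\x00\x00" + _vec(2, _vec(2, b"\x00" + _vec(2, host.encode("ascii"))))
    return (b"\x03\x01" + bytes(32) + _vec(1, b"") + _vec(2, b"\x00\x2f")
            + _vec(1, b"\x00") + _vec(2, ext))
```

A client that sends no extension falls through to the default certificate, which is why a server hosting several names on one address still needs a sensible fallback.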

        • 1. Re: TLS extension for hostnames
          jfclere

          If you use APR (jbossweb native) the answer is: no, it doesn't (open a JIRA for it).
          If you use JIO it is supported if the JVM supports it.
          Note that only very new browsers support it.

          • 2. Re: TLS extension for hostnames

             

            "jfrederic.clere@jboss.com" wrote:
            If you use APR (jbossweb native) the answer is: no, it doesn't (open a JIRA for it).


            I may do that.

            "jfrederic.clere@jboss.com" wrote:
            If you use JIO it is supported if the JVM supports it.
            Note that only very new browsers support it.


            I use JBoss AS 4.2.3 in its default configuration that I just downloaded from JBoss.org. It uses Tomcat as its HTTP server. It's running on the Sun JVM 1.6. Do you know if this is using JIO? Any idea on how to configure that?