[erlang-questions] ssl server multiple certificates

Sergej Jurecko <>
Sun Oct 27 20:10:58 CET 2013


Thank you very much for the info. Looks simpler than I thought.


Sergej

On Oct 27, 2013, at 6:15 PM, Andreas Schultz wrote:

> Hi Sergej,
> 
> No, it's not possible.
> 
> A few ideas on how to add it:
> 
> To do that Erlang SSL would need to support the SNI (Server Name Indication)
> TLS Extensions (RFC 3546). Currently neither in client nor in server mode
> that extension is supported.
> Adding it for client mode should be relatively simple, just add a ssl option
> to pass the server name to the library and include that into a SNI hello
> extension.
> For server mode, things are a bit more complicated. Basically every option
> that's in the ssloption() type needs to be made a per server option with
> the server name as selector. Decoding the client hello extension again is
> simple, then a look up of the options per server name and you're done.
> 
> The extended options could be something like this:
> in server mode: {sni, ServerName:string(), Options:ssloptions()}
> in client mode: {sni, ServerName:string()}
> 
> Andreas
> 
> ----- Original Message -----
>> hello,
>> 
>> Is it possible to host multiple ssl certificates for different domains on a
>> single IP and port? Like nginx is capable of doing.
>> 
>> 
>> Sergej
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>> 
> 
> -- 
> -- 
> Dipl. Inform.
> Andreas Schultz
> 
> email: 
> phone: +49-391-819099-224
> mobil: +49-170-2226073
> 
> ------------------- enabling your networks -------------------
> 
> Travelping GmbH               phone:         +49-391-819099229
> Roentgenstr. 13               fax:           +49-391-819099299
> D-39108 Magdeburg             email:       
> GERMANY                       web:   http://www.travelping.com
> 
> Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
> --------------------------------------------------------------



More information about the erlang-questions mailing list