Domain: velox.ch
Stories and comments across the archive that link to velox.ch.
Comments · 10
-
Archos 43
Last time I searched for that, I ended up buying an Archos 43 Internet Tablet. It's stuck on Android 2.2, and like Internet Explorer on Windows XP, Android Browser on Android 2.x gives a certificate error when one attempts to view an SSL site on shared hosting. It has a resistive single-touch screen, which is fine for some apps (I borrow a stylus from my Nintendo DS Lite) but doesn't work for, say, games that use an on-screen gamepad. Nor does it ship with Google Play Store; one has to pirate com.android.vending.apk to install it. Do these Cowon products have Android 4, multitouch, and Google Play Store?
-
Android 2.3 doesn't support SNI
Doesn't matter that the screen is "small", or that the processor is barely 1GHz, if that, or it has 512MB of RAM, and ships with 2.3.
Server Name Indication (SNI) allows name-based virtual hosting to work on SSL sites. The only remaining major web browsers that aren't compatible with SNI are Internet Explorer on Windows XP and Android Browser on Android 2.2 or 2.3. Try visiting SNI Test or Pin Eight on Chrome, Firefox on desktop, Safari on recent Mac OS X, or IE on recent Windows. Then try visiting it on your Android 2.x device.
-
No SNI on Android 2
Try visiting Server Name Indication Test on your Gingerbread phone and see how much it works.
-
A certificate isn't the expensive part
A certificate isn't the expensive part; an IP address is. Most of these budget hosting plans pack about a thousand customers' web sites onto one IP address using name-based virtual hosting. Several web browsers still don't support Server Name Indication (SNI), the feature that allows use of name-based virtual hosting with SSL. Clients without SNI, such as Internet Explorer for Windows XP, Safari for Windows XP, and Android Browser for Android 2.x, see the certificate for only the first site on an IP address. Try visiting this site using IE on XP for example.
-
Re:Cost
That is only hearsay about Chrome 8, not to mention by now Chrome 8 is all but is gone from the net. With Chrome's auto-update, it takes about 2 weeks from the release of a new chrome version to the old one being irrelevant. Impressive graph here: http://gs.statcounter.com/#browser_version-ww-weekly-201106-201111 . Chrome 10 came out 2 weeks ago, and Chrome 9 went from ~15% market share to ~0.5% market share in two weeks because of auto-updates. There's now more IE 5 out there then Chrome 8.
Chrome 10 works fine on XP and Windows 7. I just tested them both at https://sni.velox.ch/. I don't have a Vista install handy at the moment, but I'm sure it works fine too.
Chrome used to use the native Windows SSL libraries, but switched to NSS (the firefox crypto library) a few versions ago, and is now working just fine.
As for Safari on Windows XP, the market share is so low that it doesn't matter. Safari on Windows is almost non-existent to begin with.
-
Re:So, what can I do?
It looks like they're finally getting their act together in supporting TLS extensions (ie SNI, Server Name Indication) in Apache, so running multiple ssl domains on a single IP/port will work perfectly. You'll need to use Apache 2.2.13 (IIRC) and a browser that supports TLS (all but IE6, so no problem there)(there's a lovely test page for your browser, which includes the server config)
I'm not sure this version of Apache is in all distros yet, I think Fedora has it and Karmic Koala, but it'll be here soon enough in all of them.
-
Re:The problem is IPv4
Ironically I just visited https://sni.velox.ch/, and all I got was Firefox warning me that I might not want to trust this site
:-) -
Re:The problem is IPv4
This is SNI ( http://en.wikipedia.org/wiki/Server_Name_Indication ) and it is not supported on Safari (any version I am aware of I just tried a nightly build on an intel iMac) nor on any version of IE on XP or earlier. You can verify by visiting https://sni.velox.ch/ and see if you get a warning.
Also you don't need gnutls for SNI since support for SNI has been backported into OpenSSL 0.9.8: http://cvs.openssl.org/chngview?cn=16435
-
Re:Why can't the whole web be HTTPS?
That is already changing. In this site they show how solve this problem with a web server Apache 2.2 with mod_ssl linked against OpenSSL/0.9.8h.
-
You can do this now. Sort of.
SNI (Server Name Indication) support is available, though not out-of-the-box that I'm aware of. See this test site. Sadly, enabling TLSEXT in openssl (required for SNI) seems to require bumping the soname of the library, which nobody wants to do. Hence, the specs remain unimplemented for the next Ubuntu release, later this month. (It's an LTS release, which makes this especially infuriating.)
And you can't use it on any public-facing websites that you care about people going to. It's unsupported in IE6 and even on IE7 unless you're using Vista. (Though Firefox 2 and later work fine.) Because of the enormous clusterfuck that is Vista, most people seem content to stick with XP. So unless you're restricting your site to a select cadre of friends who use browsers that don't suck, SNI is dead in the water for at least a few more years.