[html5] r4404 - [giow] (1) Require SNI in the TLS handshake, to support virtual hosts.
whatwg at whatwg.org
Fri Dec 4 04:05:56 PST 2009
Author: ianh
Date: 2009-12-04 04:05:54 -0800 (Fri, 04 Dec 2009)
New Revision: 4404
Modified:
complete.html
source
Log:
[giow] (1) Require SNI in the TLS handshake, to support virtual hosts.
Modified: complete.html
===================================================================
--- complete.html 2009-12-04 11:37:49 UTC (rev 4403)
+++ complete.html 2009-12-04 12:05:54 UTC (rev 4404)
@@ -65994,13 +65994,20 @@
<li><p>If the connection could not be opened, then <a href=#fail-the-web-socket-connection>fail the
Web Socket connection</a> and abort these steps.</li>
- <li><p>If <var title="">secure</var> is true, perform a TLS
- handshake over the connection. If this fails (e.g. the server's
- certificate could not be verified), then <a href=#fail-the-web-socket-connection>fail the Web Socket
- connection</a> and abort these steps. Otherwise, all further
- communication on this channel must run through the encrypted
- tunnel. <a href=#refsRFC2246>[RFC2246]</a></li>
+ <li>
+ <p>If <var title="">secure</var> is true, perform a TLS handshake
+ over the connection. If this fails (e.g. the server's certificate
+ could not be verified), then <a href=#fail-the-web-socket-connection>fail the Web Socket
+ connection</a> and abort these steps. Otherwise, all further
+ communication on this channel must run through the encrypted
+ tunnel. <a href=#refsRFC2246>[RFC2246]</a></p>
+
+ <p>User agents must use the Server Name Indication extension in
+ the TLS handshake. <a href=#refsRFC4366>[RFC4366]</a></p>
+
+ </li>
+
<li>
<p>Send the following bytes to the remote side (the server):</p>
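Review bot: the new paragraph requiring the Server Name Indication extension does not say which name the user agent puts in it. Suggest stating that "server_name" carries the host name the connection was opened to, and saying what the user agent does when that host is an IP address literal, since RFC 4366 does not permit literal IPv4 or IPv6 addresses in HostName; as written, "must use" cannot be satisfied for such connections.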
@@ -66759,7 +66766,15 @@
might need to use some of the information in the client's handshake
to construct it's own handshake.</p>
- <p>To send the handshake, the server must first establish the
+ <p>If the server supports encryption, then the server must perform a
+ TLS handshake over the connection before sending the server
+ handshake. If this fails (e.g. the client indicated a host name in
+ the extended client hello "server_name" extension that the server
+ does not host), then the server must close the connection;
+ otherwise, all further communication for the connection (including
+ the server handshake) must run through the encrypted tunnel. <a href=#refsRFC2246>[RFC2246]</a></p>
+
+ <p>To send the server handshake, the server must first establish the
following information:</p>
<dl><dt><var title="">origin</var></dt>
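Review bot: the failure example in the added server paragraph covers a "server_name" the server does not host, but nothing says what the server does when the client hello carries no "server_name" at all. Since the client side now requires the extension, suggest stating whether the server must close the connection in that case or may fall back to a default host, so that virtual-host deployments behave the same way across implementations.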
@@ -86156,6 +86171,12 @@
<dd>(Non-normative) <cite><a href=http://www.ietf.org/rfc/rfc4329.txt>Scripting Media
Types</a></cite>, B. Höhrmann. IETF, April 2006.</dd>
+ <dt id=refsRFC4366>[RFC4366]</dt>
+ <dd><cite><a href=http://www.ietf.org/rfc/rfc4366.txt>Transport
+ Layer Security (TLS) Extensions</a></cite>, S. Blake-Wilson,
+ M. Nystrom, D. Hopwood, J. Mikkelsen, T. Wright. IETF, April
+ 2006.</dd>
+
<dt id=refsRFC4770>[RFC4770]</dt>
<dd><cite><a href=http://www.ietf.org/rfc/rfc4770.txt>vCard Extensions for
Instant Messaging (IM)</a></cite>, C. Jennings, J. Reschke. IETF,
Modified: source
===================================================================
--- source 2009-12-04 11:37:49 UTC (rev 4403)
+++ source 2009-12-04 12:05:54 UTC (rev 4404)
@@ -75289,13 +75289,20 @@
<li><p>If the connection could not be opened, then <span>fail the
Web Socket connection</span> and abort these steps.</p></li>
- <li><p>If <var title="">secure</var> is true, perform a TLS
- handshake over the connection. If this fails (e.g. the server's
- certificate could not be verified), then <span>fail the Web Socket
- connection</span> and abort these steps. Otherwise, all further
- communication on this channel must run through the encrypted
- tunnel. <a href="#refsRFC2246">[RFC2246]</a></p></li>
+ <li>
+ <p>If <var title="">secure</var> is true, perform a TLS handshake
+ over the connection. If this fails (e.g. the server's certificate
+ could not be verified), then <span>fail the Web Socket
+ connection</span> and abort these steps. Otherwise, all further
+ communication on this channel must run through the encrypted
+ tunnel. <a href="#refsRFC2246">[RFC2246]</a></p>
+
+ <p>User agents must use the Server Name Indication extension in
+ the TLS handshake. <a href="#refsRFC4366">[RFC4366]</a></p>
+
+ </li>
+
<li>
<p>Send the following bytes to the remote side (the server):</p>
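Review bot: the SNI requirement sits in its own paragraph after the sentence that handles handshake failure, and the certificate check named in that first paragraph is not tied to the name being sent. Suggest folding the requirement into the first sentence (for example "perform a TLS handshake over the connection, using the Server Name Indication extension") and stating that the certificate is verified against that same host name, so that a certificate issued for a different virtual host counts as a handshake failure.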
@@ -76149,7 +76156,16 @@
might need to use some of the information in the client's handshake
to construct it's own handshake.</p>
- <p>To send the handshake, the server must first establish the
+ <p>If the server supports encryption, then the server must perform a
+ TLS handshake over the connection before sending the server
+ handshake. If this fails (e.g. the client indicated a host name in
+ the extended client hello "server_name" extension that the server
+ does not host), then the server must close the connection;
+ otherwise, all further communication for the connection (including
+ the server handshake) must run through the encrypted tunnel. <a
+ href="#refsRFC2246">[RFC2246]</a></p>
+
+ <p>To send the server handshake, the server must first establish the
following information:</p>
<dl>
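Review bot: "If the server supports encryption" in the added paragraph reads as a property of the server rather than of the connection, so a server that accepts both encrypted and unencrypted connections appears to be required to start TLS on all of them. Suggest conditioning on whether the connection is one on which encryption is expected. Separately, the unchanged context line above has "it's own handshake", which should be "its own handshake".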
@@ -96372,6 +96388,12 @@
href="http://www.ietf.org/rfc/rfc4329.txt">Scripting Media
Types</a></cite>, B. Höhrmann. IETF, April 2006.</dd>
+ <dt id="refsRFC4366">[RFC4366]</dt>
+ <dd><cite><a href="http://www.ietf.org/rfc/rfc4366.txt">Transport
+ Layer Security (TLS) Extensions</a></cite>, S. Blake-Wilson,
+ M. Nystrom, D. Hopwood, J. Mikkelsen, T. Wright. IETF, April
+ 2006.</dd>
+
<dt id="refsRFC4770">[RFC4770]</dt>
<dd><cite><a href="http://www.ietf.org/rfc/rfc4770.txt">vCard Extensions for
Instant Messaging (IM)</a></cite>, C. Jennings, J. Reschke. IETF,