Re: A SSL scenario (involving multiple SSL-servers)

--0-768657901-1146010395=:77155
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

remove now!

BJ Swope <bigblueswope@gmail.com> wrote: Every item the browser requests=
, such as images, comes from a unique/distinct connection.

So the links to the other web servers will result in independent connecti=
ons to the other web servers. So you should be good to go.



On 4/24/06, Vishwas <ivishwas@gmail.com> wrote: Hello there,

I have few doubts, the scenario goes as below.

Scenario: There are 4 SSL-enabled Apache servers {A1, A2, A3, A4}, all of=
them independently controlled and have valid certificates. Now, a "user"=
on A1 designs an HTML page ( index.html) that refers to images from all =
the 4 servers. The links to these images are specified in the HTML file u=
sing "https://A[1-4]/..."

Questions:
1. A request for https://A1/~user/index.html comes, The requestor is goin=
g to get a SSL connection from A1. And the content from A1 to the browser=
is flowing through the SSL-tunnel. I think only the files that reside on=
A1 are going to flow through this tunnel from A1 to the browser!? And th=
e files from A2, A3, and A4 are flowing through separate SSL-tunnels to t=
he browser!? Then the browser shows only one PADLOCK symbol, will it be f=
or A1? YES. Then what about the SSL-connections from A2, A3, and A4? How =
does browser tells its user about these connections?=20

2. Or does A1 brings the files from A2, A3, and A4 that referred inside t=
he "index.html" file by the "user" and serves to the browser?

Am confused. Because my understanding was SSL is Secure socket layer, and=
one cannot tamper with this tunnel. And I used to think, when I ask the =
browser to open some URL, it opens a connection (by obtaining a socket, s=
ay 56789, from underlying OS) to the port 80 of URL server. Now I feel, i=
f the URL page has objects residing on other servers, my browser opens se=
parate sockets (different from 56789) for these objects.!? Please clarify=
my doubts. Or point me to some guides et al.=20

Thank you for your patience.

--=20
Best Regards,

Vishwas.=20




=09
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ co=
untries) for 2=A2/min or less.
--0-768657901-1146010395=:77155
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

remove now!<BR><BR><B><I>BJ Swope &lt;bigblueswope@gmail.com&gt;</I></B> =
wrote: <BLOCKQUOTE class=3Dreplbq style=3D"PADDING-LEFT: 5px; MARGIN-LEF=
T: 5px; BORDER-LEFT: #1010ff 2px solid">Every item the browser requests, =
such as images, comes from a unique/distinct connection.<BR><BR>So the li=
nks to the other web servers will result in independent connections to th=
e other web servers.&nbsp; So you should be good to go.<BR><BR><BR><BR> =
<DIV><SPAN class=3Dgmail_quote>On 4/24/06, <B class=3Dgmail_sendername>Vi=
shwas</B> &lt;<A href=3D"mailto:ivishwas@gmail.com">ivishwas@gmail. com</A=
>&gt; wrote:</SPAN> <BLOCKQUOTE class=3Dgmail_quote style=3D"PADDING-LEF=
T: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px soli=
d"> <DIV style=3D"DIRECTION: ltr">Hello there,<BR><BR>I have few doubts,=
the scenario goes as below.<BR><BR>Scenario: There are 4 SSL-enabled Apa=
che servers {A1, A2, A3, A4}, all of them independently controlled and ha=
ve valid certificates. Now, a "user" on A1 designs an
HTML page ( index.html) that refers to images from all the 4 servers. Th=
e links to these images are specified in the HTML file using "<A>https://=
A[1-4]/..</A>."<BR><BR>Questions:<BR>1. A request for <A onclick=3D"retur=
n top.js.OpenExtLink(window,event,this)" href=3D"https://a1/%7Euser/index=
..html" target=3D_blank>https://A1/~user/index.html</A> comes, The request=
or is going to get a SSL connection from A1. And the content from A1 to t=
he browser is flowing through the SSL-tunnel. I think only the files that=
reside on A1 are going to flow through this tunnel from A1 to the browse=
r!? And the files from A2, A3, and A4 are flowing through separate SSL-tu=
nnels to the browser!? Then the browser shows only one PADLOCK symbol, wi=
ll it be for A1? YES. Then what about the SSL-connections from A2, A3, an=
d A4? How does browser tells its user about these connections? <BR><BR>2.=
Or does A1 brings the files from A2, A3, and A4 that referred inside the=
"index.html" file by the "user" and serves
to the browser?<BR><BR>Am confused. Because my understanding was SSL is =
Secure socket layer, and one cannot tamper with this tunnel. And I used t=
o think, when I ask the browser to open some URL, it opens a connection (=
by obtaining a socket, say 56789, from underlying OS) to the port 80 of U=
RL server. Now I feel, if the URL page has objects residing on other serv=
ers, my browser opens separate sockets (different from 56789) for these o=
bjects.!? Please clarify my doubts. Or point me to some guides et al. <BR=
><BR>Thank you for your patience.<BR clear=3Dall><BR>-- <BR>Best Regards,=
<BR></DIV> <DIV style=3D"DIRECTION: ltr"><SPAN class=3Dsg>Vishwas. </SPA=
N></DIV></BLOCKQUOTE></DIV><BR></BLOCKQUOTE><BR><p>
<hr size=3D1>Yahoo! Messenger with Voice. <a href=3D"http://us.rd.yahoo=
..com/mail_us/taglines/postman1/*http://us.rd.yahoo.com/evt=3D39663/*http:=
//voice.yahoo.com">Make PC-to-Phone Calls</a> to the US (and 30+ countrie=
s) for 2=A2/min or less.
--0-768657901-1146010395=:77155--
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org