We’ve recently been doing a lot of consolidation of our disparate hosting environments into Amazon Web Services (AWS). What I first thought was a negative, only being able to associate one (Elastic) IP address with my EC2 instance (without using VPC), turned out to be a positive learning experience.

I learned that with Apache v2.2.12 and OpenSSL v0.9.8j and later you can use transport layer security (TLS) without a headache. I configured SSL as normal on Apache, and just added the following to my vhost configuration block:

    SSLProtocol -ALL +SSLv3 +TLSv1

Now I have multiple virtual hosts using their own SSL certificates while sharing a single Elastic IP.

It’s not supported by all browsers, but it is supported by the following:

Desktop Browsers

  • Internet Explorer 7 and later
  • Firefox 2
  • Opera 8 with TLS 1.1 enabled
  • Google Chrome: supported on Windows XP in Chrome 6 and later; supported on Vista and later by default; OS X 10.5.7 in Chrome version 5.0.342.0 and later
  • Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later).

Mobile Browsers

  • Mobile Safari for iOS 4.0
  • Android 3.0 (Honeycomb) and later
  • Windows Phone 7

No versions of Internet Explorer on Windows XP are supported.  I’m pretty sure any remaining XP users have been assimilated into a Russian mafia botnet by now anyways.
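
What makes this work is TLS Server Name Indication (SNI): the client names the host it wants in its handshake, and Apache picks the matching certificate. As an added example (not the author's configuration; hostnames and file paths are placeholders), two such vhosts on one address look like this in Apache 2.2, including the directive that decides what clients without SNI support, such as Internet Explorer on Windows XP, receive:

```apache
# Added example for Apache 2.2.12+ built against OpenSSL 0.9.8j+.
# www.example.com / www.example.org and all paths are placeholders.

# Omit if port 443 is already declared elsewhere (e.g. ports.conf).
Listen 443

# Apache 2.2 requires this for name-based virtual hosts on the TLS port.
NameVirtualHost *:443

# off (default): a client that sends no server name is served by the
#   first vhost below and sees a certificate mismatch for other hosts.
# on: such a client is refused instead of receiving the wrong certificate.
SSLStrictSNIVHostCheck off

# First vhost for this address:port, used when no server name is sent.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    # Protocol line as given in the post. The server name travels in a
    # TLS extension, so the TLSv1 part is what per-host certificates need.
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

# Selected when the handshake names www.example.org.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>
```

To check the result, `openssl s_client -connect HOST:443 -servername www.example.org` (HOST being the shared address) should return the www.example.org certificate.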
