We’ve recently been doing a lot of consolidation of our disparate hosting environments into Amazon Web Services (AWS). What I first thought was a negative, only being able to associate one (Elastic) IP address with my EC2 instance (without using VPC), turned out to be a positive learning experience.
I learned that with Apache v2.2.12 and OpenSSL v0.9.8j and later you can use transport layer security (TLS) without a headache. I configured SSL as normal on Apache, and just added the following to my vhost configuration block: SSLProtocol -ALL +SSLv3 +TLSv1. Now I have multiple virtual hosts using their own SSL certificates while sharing a single Elastic IP.
It’s not supported by all browsers, but it is supported by the following:
Desktop Browsers
- Internet Explorer 7 and later
- Firefox 2
- Opera 8 with TLS 1.1 enabled
- Google Chrome: supported on Windows XP on Chrome 6 and later; supported on Vista and later by default; OS X 10.5.7 in Chrome Version 5.0.342.0 and later
- Safari 2.1 and later (requires OS X 10.5.6 and later or Windows Vista and later).
Mobile Browsers
- Mobile Safari for iOS 4.0
- Android 3.0 (Honeycomb) and later
- Windows Phone 7
No versions of Internet Explorer on Windows XP are supported. I’m pretty sure any remaining XP users have been assimilated into a Russian mafia botnet by now anyways.
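The setup described above, written out as an added example for Apache 2.2 (it is not the author's actual configuration): two name-based virtual hosts on one IP and port, each with its own certificate, plus the directive that decides what clients missing from the supported list receive. The hostnames and file paths are placeholders, and the protocol line deliberately departs from the one in the post.

```apache
# Added example; hostnames and certificate paths are placeholders.
Listen 443

# Apache 2.2 needs this for name-based virtual hosts on port 443.
NameVirtualHost *:443

# Departs from the post's "SSLProtocol -ALL +SSLv3 +TLSv1": the server
# name is sent in a TLS extension, so SSLv3 handshakes cannot select a
# vhost, and SSLv3 was later prohibited by RFC 7568. Set at server scope
# here so it applies to every vhost.
SSLProtocol all -SSLv2 -SSLv3

# off (default): a client that sends no server name is served by the
#   first vhost below and sees that vhost's certificate, so requests for
#   the second site produce a certificate name mismatch.
# on: such clients are refused instead of being handed the wrong site.
SSLStrictSNIVHostCheck off

# First vhost listed = default for clients that send no server name.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName shop.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shop.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.example.org.key
</VirtualHost>
```

Put the site that matters most to legacy clients first, since with the check off it is the one they will reach regardless of the hostname they asked for.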