[PATCH] ngx_http_ssl_module: Document default_server for ssl_protocols

W. Trevor King wking at tremily.us
Fri Aug 21 05:56:24 UTC 2015


So other folks don't spend half a day poking around before discovering
[1] ;).

[1]: http://thread.gmane.org/gmane.comp.web.nginx.english/45403/focus=45715
     From: Maxim Dounin
     Subject: Re: ssl_protocols per server?
     Date: Fri, 7 Nov 2014 16:38:57 +0300
     Message-ID: <20141107133857.GF22132 at mdounin.ru>
---
 xml/en/docs/http/ngx_http_ssl_module.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml
index fc7e3bc..73c0fa9 100644
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -367,6 +367,17 @@ so when the OpenSSL version 1.0.1 or higher
 is used on older nginx versions, these protocols work, but cannot
 be disabled.
 </note>
+<note>
+The SSL protocols do not support
+<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">SNI</link>,
+but theoretically a TLS-only configuration could set the allowed
+protocols independently for each
+<link doc="ngx_http_core_module.xml" id="server" /> block.
+However, this is not currently possible due to limitations in the
+OpenSSL API, and the configured protocols for the
+<link doc="ngx_http_core_module.xml" id="listen">default_server</link>
+will be used for all connections.
+</note>
 </para>
 
 </directive>
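Review bot: The closing sentence of the added note, "will be used for all connections", overstates the scope. default_server is a parameter of listen and is selected per address:port pair, so the text should say that the protocols configured for the default server of a given listening socket apply to every connection accepted on that socket. Separately, "The SSL protocols" in the first added line is easy to misread as the ssl_protocols directive this section documents; naming the protocol versions meant, as distinct from TLS, would remove the ambiguity. The phrase "not currently possible" will also go stale in reference documentation, so consider describing the condition itself (server selection by SNI happens after the protocol set is already fixed) instead of relying on "currently".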
-- 
2.1.0.60.g85f0837
