Wrong Vhost being followed when using SSL

Igor Sysoev is at rambler-co.ru
Tue Jan 13 16:56:48 MSK 2009

On Sun, Jan 11, 2009 at 12:25:26PM -0800, mike wrote:

> On Sun, Jan 11, 2009 at 12:15 PM, mike <mike503 at gmail.com> wrote:
> > It does appear that the SSL gods have wisened up - no more wasting
> > IPs, hopefully, and with a new protocol/extensions to existing ones it
> > may be possible. I haven't found out yet browser compatibility/etc,
> > and then of course I don't think nginx supports it yet. However, if it
> > does have wide compatibility, this would definately be something to
> > request for nginx (I could use it right now!)
> Oops. According to wikipedia
> http://en.wikipedia.org/wiki/Server_Name_Indication nginx already can
> support this.
> However, I just noticed - IE6 and IE7 on XP don't. Doh. How pathetic.
> All it would be is a frickin couple files changed probably.
> For nginx to support it, you just need OpenSSL built with SNI support
> (--enable-tlsext) and I'm not sure if you have to specify
> ssl_protocols or something related to 'force' that protocol all the
> time in nginx or not.

You do not need to configure SNI in nginx: it just works if there is
OpenSSL support.

> This sucks though. I have to support IE6/IE7 on XP...

The single hope is Windows 7. If it will be lighter than Vista,
then people may consider to upgrade.

Igor Sysoev

More information about the nginx mailing list