Wrong Vhost being followed when using SSL
mike503 at gmail.com
Tue Jan 13 22:50:44 MSK 2009
On Jan 13, 2009, at 5:56 AM, Igor Sysoev <is at rambler-co.ru> wrote:
> On Sun, Jan 11, 2009 at 12:25:26PM -0800, mike wrote:
>> On Sun, Jan 11, 2009 at 12:15 PM, mike <mike503 at gmail.com> wrote:
>>> It does appear that the SSL gods have wisened up - no more wasting
>>> IPs, hopefully, and with a new protocol/extensions to existing
>>> ones it
>>> may be possible. I haven't found out yet browser compatibility/etc,
>>> and then of course I don't think nginx supports it yet. However,
>>> if it
>>> does have wide compatibility, this would definately be something to
>>> request for nginx (I could use it right now!)
>> Oops. According to wikipedia
>> http://en.wikipedia.org/wiki/Server_Name_Indication nginx already can
>> support this.
>> However, I just noticed - IE6 and IE7 on XP don't. Doh. How pathetic.
>> All it would be is a frickin couple files changed probably.
>> For nginx to support it, you just need OpenSSL built with SNI support
>> (--enable-tlsext) and I'm not sure if you have to specify
>> ssl_protocols or something related to 'force' that protocol all the
>> time in nginx or not.
> You do not need to configure SNI in nginx: it just works if there is
> OpenSSL support.
>> This sucks though. I have to support IE6/IE7 on XP...
> The single hope is Windows 7. If it will be lighter than Vista,
> then people may consider to upgrade.
Sadly the UI is all vista-y and is really pissing me off. But think of
how long it takes to upgrade the general public. It will be a long
time before SNI equipped windows is the standard. There is probably
more chance in them patching the existing IEs...
> Igor Sysoev
More information about the nginx