Wrong Vhost being followed when using SSL

mike mike503 at gmail.com
Tue Jan 13 22:50:44 MSK 2009

On Jan 13, 2009, at 5:56 AM, Igor Sysoev <is at rambler-co.ru> wrote:

> On Sun, Jan 11, 2009 at 12:25:26PM -0800, mike wrote:
>> On Sun, Jan 11, 2009 at 12:15 PM, mike <mike503 at gmail.com> wrote:
>>> It does appear that the SSL gods have wisened up - no more wasting
>>> IPs, hopefully, and with a new protocol/extensions to existing  
>>> ones it
>>> may be possible. I haven't found out yet browser compatibility/etc,
>>> and then of course I don't think nginx supports it yet. However,  
>>> if it
>>> does have wide compatibility, this would definately be something to
>>> request for nginx (I could use it right now!)
>> Oops. According to wikipedia
>> http://en.wikipedia.org/wiki/Server_Name_Indication nginx already can
>> support this.
>> However, I just noticed - IE6 and IE7 on XP don't. Doh. How pathetic.
>> All it would be is a frickin couple files changed probably.
>> For nginx to support it, you just need OpenSSL built with SNI support
>> (--enable-tlsext) and I'm not sure if you have to specify
>> ssl_protocols or something related to 'force' that protocol all the
>> time in nginx or not.
> You do not need to configure SNI in nginx: it just works if there is
> OpenSSL support.
>> This sucks though. I have to support IE6/IE7 on XP...
> The single hope is Windows 7. If it will be lighter than Vista,
> then people may consider to upgrade.

Sadly the UI is all vista-y and is really pissing me off. But think of  
how long it takes to upgrade the general public. It will be a long  
time before SNI equipped windows is the standard. There is probably  
more chance in them patching the existing IEs...

> -- 
> Igor Sysoev
> http://sysoev.ru/en/

More information about the nginx mailing list