Issue with VirtualHost definition order and SNI SSL

Igor Sysoev is at
Mon Oct 19 14:09:11 MSD 2009

On Fri, Oct 09, 2009 at 05:44:07PM -0700, Linmiao Xu wrote:

> Yes, should be built with SNI support (--with-http_ssl_module and
> --with-openssl=/usr/src/openssl-0.9.8k). I used 0.7.62 and 0.8.19 and both
> gave me the same result. I compiled both with OpenSSL 0.9.8k, which has SNI.
> Before, when I used 0.9.8e (latest version in CentOS 5.3), every virtual
> host would use the same certificate (no SNI). Browser is Firefox 3.5.3 which
> also supports SNI.

As far as I know OpenSSL-0.9.8 is not built with SNI by default, you need to

--with-openssl=/usr/src/openssl-0.9.8k --with-openssl-opt="enable-tlsext"

What does "strings nginx | grep SSL_get_servername" show ?

> The strange part is how it looks like SNI is enabled if I include the TLD
> virtual host first, but isn't enabled if the alias is included first. Do you
> need more information?

Igor Sysoev

More information about the nginx mailing list