Issue with VirtualHost definition order and SNI SSL

[Iantcho Vassilev]

Thanks for the info.
I checked the browser  TLS is enabled.
Is there a special way to enable it on the server??


It is very strange for me because before Nginx i was using litespeed and
there every SSL host was listening on 443 and everything worked..how do they
do it i don`t know..??



2009/10/29 Igor Sysoev <is at rambler-co.ru>

> On Wed, Oct 28, 2009 at 11:59:44PM +0200, Iantcho Vassilev wrote:
>
> > Here is the debug on the host when only one site listens to 443
> >
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 http check ssl handshake
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 https ssl handshake: 0x16
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL_do_handshake: -1
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL_get_error: 2
>
> SNI handshake looks like this:
>
> 2009/10/29 09:53:05 [debug] 73997#0: *1 http check ssl handshake
> 2009/10/29 09:53:05 [debug] 73997#0: *1 https ssl handshake: 0x16
> 2009/10/29 09:53:05 [debug] 73997#0: *1 SSL server name: "www.example.com"
> 2009/10/29 09:53:05 [debug] 73997#0: *1 SSL_do_handshake: -1
> 2009/10/29 09:53:05 [debug] 73997#0: *1 SSL_get_error: 2
>
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 post event 0000000001DD95A0
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 delete posted event
> > 0000000001DD95A0
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL handshake handler: 0
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL_do_handshake: 1
> > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL: SSLv3, cipher:
> > "DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1"
>
> For some reason only SSLv3 has been negotiated.
> Either server has no enabled TLSv1 in ssl_protocols, or browser.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20091029/0121f258/attachment.html>