Issue with VirtualHost definition order and SNI SSL

Igor Sysoev is at rambler-co.ru
Thu Oct 29 11:42:14 MSK 2009 

On Thu, Oct 29, 2009 at 10:31:21AM +0200, Iantcho Vassilev wrote:

> yes(on the same port)...and it was working for nearly 2 years..

Did these hosts work in MSIE 6.0 ?

> 2009/10/29 Igor Sysoev <is at rambler-co.ru>
> 
> > On Thu, Oct 29, 2009 at 09:35:54AM +0200, Iantcho Vassilev wrote:
> >
> > > Thanks for the info.
> > > I checked the browser  TLS is enabled.
> > > Is there a special way to enable it on the server??
> >
> > http://wiki.nginx.org/NginxHttpSslModule#ssl_protocols
> >
> > > It is very strange for me because before Nginx i was using litespeed and
> > > there every SSL host was listening on 443 and everything worked..how do
> > they
> > > do it i don`t know..??
> >
> > I do not know whether litespeed supports SNI.
> > All these hosts are listen on single IP ?
> >
> > > 2009/10/29 Igor Sysoev <is at rambler-co.ru>
> > >
> > > > On Wed, Oct 28, 2009 at 11:59:44PM +0200, Iantcho Vassilev wrote:
> > > >
> > > > > Here is the debug on the host when only one site listens to 443
> > > > >
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 http check ssl handshake
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 https ssl handshake: 0x16
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL_do_handshake: -1
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL_get_error: 2
> > > >
> > > > SNI handshake looks like this:
> > > >
> > > > 2009/10/29 09:53:05 [debug] 73997#0: *1 http check ssl handshake
> > > > 2009/10/29 09:53:05 [debug] 73997#0: *1 https ssl handshake: 0x16
> > > > 2009/10/29 09:53:05 [debug] 73997#0: *1 SSL server name: "
> > www.example.com"
> > > > 2009/10/29 09:53:05 [debug] 73997#0: *1 SSL_do_handshake: -1
> > > > 2009/10/29 09:53:05 [debug] 73997#0: *1 SSL_get_error: 2
> > > >
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 post event
> > 0000000001DD95A0
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 delete posted event
> > > > > 0000000001DD95A0
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL handshake handler: 0
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL_do_handshake: 1
> > > > > 2009/10/29 00:55:11 [debug] 9171#0: *195388 SSL: SSLv3, cipher:
> > > > > "DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1"
> > > >
> > > > For some reason only SSLv3 has been negotiated.
> > > > Either server has no enabled TLSv1 in ssl_protocols, or browser.
> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >

-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list