How to force SNI only connections, or have a fallback non-SNI server?
Igor Sysoev
igor at sysoev.ru
Wed Jul 14 11:30:14 MSD 2010
On Tue, Jul 13, 2010 at 04:58:16PM -0300, Tiago Freire wrote:
> Hi,
>
> I have heard about nginx before, and I am now considering to use it for
> several reasons, perfomance is one of them.
>
> I have to put several servers with EV certificates behind a single IP
> though, and I noticed nginx supports SNI.
>
> I know that not all browsers support SNI, but we are developing web
> applications where we can give ourselves the luxury of being a bit picky
> about browser support.
>
> What was not clear in the documentation was: does enabling SNI support
> forces all connections to be SNI, or old browsers will still 'work'?
> I understood that old browsers would only be able to go to the default
> server.
>
> If running with SNI still accepts old browsers, is there a configuration
> option to force SNI-only connections?
>
> Otherwise, is there any way to segregate SNI and non-SNI connections and
> send them to different servers?
Regardless of server SNI support, old browsers get always certificate
of default server and they complain if a server name does not match
a certificate's server name. Theoretically after this you may redirect
them to an other server, but it's too late from user point of view.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list