NGINX1.2.1 SNI provides wrong server certificate

Patrick Laimbock patrick at laimbock.com
Mon Aug 11 14:11:32 UTC 2014


On 11-08-14 10:04, ukr wrote:
> sbin/nginx -V
> nginx version: nginx/1.7.3
> built by gcc 4.7.2 (Debian 4.7.2-5)
> TLS SNI support enabled

Since you are using 1.7.3, in case you missed it:

2014-08-05 nginx-1.6.1 stable and nginx-1.7.4 mainline versions have 
been released, with a fix for the STARTTLS vulnerability discovered by 
Chris Boulton (CVE-2014-3556).

About your issue: maybe read 
http://nginx.org/en/docs/http/configuring_https_servers.html and try 
some of the setups described on that page and see if you can get them to 
work (with a client that supports SNI).

HTH,
Patrick



More information about the nginx mailing list