ssl_protocols & SNI

B.R. reallfqq-nginx at yahoo.fr
Thu Jan 19 09:04:46 UTC 2017


Hello,

I tried to overload the value of my default ssl_protocols (http block
level) in a server block.
It did not seem to apply the other value in this virtuel server only.

Since I use SNI on my OpenSSL implementation, which perfectly works to
support multiple virtual servers, I wonder why this SNI capability isn't
leveraged to apply different TLS environment depending on the SNI value and
the TLS directives configured for the virtual server of the asked domain.
Can SNI be used for other TLS configuration directives other than
certificates?

More generally, is it normal you cannot overload directives such as
ssl_protocols or ssl_ciphers in a specific virtual server, using the same
socket as others?
If positive, would it be possible to use SNI to tweak TLS connections
envrionment depending on domain?
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170119/d534d66f/attachment.html>


More information about the nginx mailing list