<div dir="ltr">Hi,<div><br></div><div>I am struggling to get any documented reference for my problem in nginx docs. Hope someone can help before I delve into nginx code:</div><div><br></div><div>I want to have multiple server blocks for the https port 443, they will serve different hostnames. Each block will have it's own ssl configuration. For example:</div>
<div><br></div><div>server {</div><div> listen 443 ssl</div><div> server_name <a href="http://blah.xyz.com">blah.xyz.com</a></div><div><br></div><div> ssl protocols TLSv1</div><div> ssl_ciphers AES256-SHA:RC4-SHA;</div>
<div><div> ssl_certificate /test/site1.cer;</div><div> ssl_certificate_key /test/site1.key;</div></div><div> ...</div><div>}</div><div><br></div><div><div>server {</div><div> listen 443 ssl</div><div> server_name <a href="http://blah.xyz.com">blah.xyz.com</a></div>
<div><br></div><div> ssl protocols TLSv1</div><div> ssl_ciphers AES256-SHA:RC4-SHA;</div><div><div> ssl_certificate /test/site2.cer;</div><div> ssl_certificate_key /test/site2.key;</div></div><div> ...</div><div>}</div>
</div><div><br></div><div>These blocks have different ssl certificates. I understand that if I enable SNI in nginx and the client supports it, then we have a predictable behaviour where nginx will use the correct ssl parameters from the server block corresponding to that hostname. But I have no idea which ssl config will be picked up when the client does not support SNI. Is it the one that comes first? Also is the behaviour when SNI is disabled in nginx similar to when SNI is enabled in nginx but client doesn't support it?</div>
<div><br></div><div>Is there a way in nginx to dump the active configs for a port?</div><div><br></div><div>Thanks</div><div>Pankaj</div></div>