Multiple SSL

Calomel nginxlist at calomel.org
Thu May 29 23:32:38 MSD 2008


Ed,

As I understand it tlsext is still in "BETA" like stage for 0.9.8g. I
also believe remote clients must be strictly RFC 4366 compliant
otherwise browsers will still get a SSL error page.

According to Goggle, this site has a test case tlsext setup. 
https://dave.sni.velox.ch/ 

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Thu, May 29, 2008 at 06:24:49PM +0100, Ed W wrote:
>Sean Allen wrote:
>>you cant do virtual naming with ssl
>>
>>because the cert negotation comes first.
>
>However, SNI is rapidly becoming an option?
>
>It appears that SNI support has been backported to at least OpenSSL 
>0.9.8g ?  You need to specify --enable-tlsext when building openssl
>
>What else is required on the nginx side in order to test TLS upgrades?  
>Does someone have a sample config showing this working on some web browser?
>
>Cheers
>
>Ed W





More information about the nginx mailing list