Wrong Vhost being followed when using SSL

mike mike503 at gmail.com
Sun Jan 11 23:25:26 MSK 2009


On Sun, Jan 11, 2009 at 12:15 PM, mike <mike503 at gmail.com> wrote:

> It does appear that the SSL gods have wisened up - no more wasting
> IPs, hopefully, and with a new protocol/extensions to existing ones it
> may be possible. I haven't found out yet browser compatibility/etc,
> and then of course I don't think nginx supports it yet. However, if it
> does have wide compatibility, this would definately be something to
> request for nginx (I could use it right now!)

Oops. According to wikipedia
http://en.wikipedia.org/wiki/Server_Name_Indication nginx already can
support this.

However, I just noticed - IE6 and IE7 on XP don't. Doh. How pathetic.
All it would be is a frickin couple files changed probably.

For nginx to support it, you just need OpenSSL built with SNI support
(--enable-tlsext) and I'm not sure if you have to specify
ssl_protocols or something related to 'force' that protocol all the
time in nginx or not.

This sucks though. I have to support IE6/IE7 on XP...





More information about the nginx mailing list