Wrong Vhost being followed when using SSL

Igor Sysoev is at rambler-co.ru
Tue Jan 13 16:56:48 MSK 2009


On Sun, Jan 11, 2009 at 12:25:26PM -0800, mike wrote:

> On Sun, Jan 11, 2009 at 12:15 PM, mike <mike503 at gmail.com> wrote:
> 
> > It does appear that the SSL gods have wisened up - no more wasting
> > IPs, hopefully, and with a new protocol/extensions to existing ones it
> > may be possible. I haven't found out yet browser compatibility/etc,
> > and then of course I don't think nginx supports it yet. However, if it
> > does have wide compatibility, this would definately be something to
> > request for nginx (I could use it right now!)
> 
> Oops. According to wikipedia
> http://en.wikipedia.org/wiki/Server_Name_Indication nginx already can
> support this.
> 
> However, I just noticed - IE6 and IE7 on XP don't. Doh. How pathetic.
> All it would be is a frickin couple files changed probably.
> 
> For nginx to support it, you just need OpenSSL built with SNI support
> (--enable-tlsext) and I'm not sure if you have to specify
> ssl_protocols or something related to 'force' that protocol all the
> time in nginx or not.

You do not need to configure SNI in nginx: it just works if there is
OpenSSL support.

> This sucks though. I have to support IE6/IE7 on XP...

The single hope is Windows 7. If it will be lighter than Vista,
then people may consider to upgrade.


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list