Issue with VirtualHost definition order and SNI SSL
Igor Sysoev
is at rambler-co.ru
Mon Oct 19 14:09:11 MSD 2009
On Fri, Oct 09, 2009 at 05:44:07PM -0700, Linmiao Xu wrote:
> Yes, should be built with SNI support (--with-http_ssl_module and
> --with-openssl=/usr/src/openssl-0.9.8k). I used 0.7.62 and 0.8.19 and both
> gave me the same result. I compiled both with OpenSSL 0.9.8k, which has SNI.
> Before, when I used 0.9.8e (latest version in CentOS 5.3), every virtual
> host would use the same certificate (no SNI). Browser is Firefox 3.5.3 which
> also supports SNI.
As far as I know OpenSSL-0.9.8 is not built with SNI by default, you need to
add
--with-openssl=/usr/src/openssl-0.9.8k --with-openssl-opt="enable-tlsext"
What does "strings nginx | grep SSL_get_servername" show ?
> The strange part is how it looks like SNI is enabled if I include the TLD
> virtual host first, but isn't enabled if the alias is included first. Do you
> need more information?
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list