Issue with VirtualHost definition order and SNI SSL
ianchov
ianchov at gmail.com
Thu Oct 22 17:28:19 MSD 2009
Hi,
I have build nginx with your command line options but still SNi does not
work.
strings nginx | grep SSL show the new OpenSSL 9.9.8k
I have the openssl src on a directory. SHould i install it or it is enough
that nginx is compiled against it??
Igor Sysoev wrote:
>
> On Fri, Oct 09, 2009 at 05:44:07PM -0700, Linmiao Xu wrote:
>
>> Yes, should be built with SNI support (--with-http_ssl_module and
>> --with-openssl=/usr/src/openssl-0.9.8k). I used 0.7.62 and 0.8.19 and
>> both
>> gave me the same result. I compiled both with OpenSSL 0.9.8k, which has
>> SNI.
>> Before, when I used 0.9.8e (latest version in CentOS 5.3), every virtual
>> host would use the same certificate (no SNI). Browser is Firefox 3.5.3
>> which
>> also supports SNI.
>
> As far as I know OpenSSL-0.9.8 is not built with SNI by default, you need
> to
> add
>
> --with-openssl=/usr/src/openssl-0.9.8k --with-openssl-opt="enable-tlsext"
>
> What does "strings nginx | grep SSL_get_servername" show ?
>
>> The strange part is how it looks like SNI is enabled if I include the TLD
>> virtual host first, but isn't enabled if the alias is included first. Do
>> you
>> need more information?
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
>
--
View this message in context: http://n2.nabble.com/Issue-with-VirtualHost-definition-order-and-SNI-SSL-tp3796531p3872281.html
Sent from the nginx mailing list archive at Nabble.com.
More information about the nginx
mailing list