Issue with VirtualHost definition order and SNI SSL
Igor Sysoev
is at rambler-co.ru
Tue Oct 27 08:49:28 MSK 2009
On Thu, Oct 22, 2009 at 06:28:19AM -0700, ianchov wrote:
>
>
> Hi,
>
> I have build nginx with your command line options but still SNi does not
> work.
> strings nginx | grep SSL show the new OpenSSL 9.9.8k
> I have the openssl src on a directory. SHould i install it or it is enough
> that nginx is compiled against it??
I meant not "strings nginx | grep SSL", but
"strings nginx | grep SSL_get_servername".
Anyway, try to build the lastest 0.8.21 or 0.7.63 and run
nginx -V 2>&1 | grep SNI
> Igor Sysoev wrote:
> >
> > On Fri, Oct 09, 2009 at 05:44:07PM -0700, Linmiao Xu wrote:
> >
> >> Yes, should be built with SNI support (--with-http_ssl_module and
> >> --with-openssl=/usr/src/openssl-0.9.8k). I used 0.7.62 and 0.8.19 and
> >> both
> >> gave me the same result. I compiled both with OpenSSL 0.9.8k, which has
> >> SNI.
> >> Before, when I used 0.9.8e (latest version in CentOS 5.3), every virtual
> >> host would use the same certificate (no SNI). Browser is Firefox 3.5.3
> >> which
> >> also supports SNI.
> >
> > As far as I know OpenSSL-0.9.8 is not built with SNI by default, you need
> > to
> > add
> >
> > --with-openssl=/usr/src/openssl-0.9.8k --with-openssl-opt="enable-tlsext"
> >
> > What does "strings nginx | grep SSL_get_servername" show ?
> >
> >> The strange part is how it looks like SNI is enabled if I include the TLD
> >> virtual host first, but isn't enabled if the alias is included first. Do
> >> you
> >> need more information?
> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >
> >
>
> --
> View this message in context: http://n2.nabble.com/Issue-with-VirtualHost-definition-order-and-SNI-SSL-tp3796531p3872281.html
> Sent from the nginx mailing list archive at Nabble.com.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list