Problems with TLS SNI Server Name Indication when using IE9
Axel Holscher (GMAIL)
axelhols at gmail.com
Fri Mar 23 08:22:38 UTC 2012
Hi there,
For those successfully using TLS SNi for https servers.
My IE9 (on Windows7 64 bit) fails to trigger the correct nginx virtual https
server name and SSL certificate (It ignores all except the default -1st
server).
But It seems to work fine with FF10 and Chrome17.
Is this an IE9 issue? or am I missing something from my nginx/openssl
compilation options?
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.0.13
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51)
TLS SNI support enabled
configure arguments: --with-debug --prefix=/usr/local/nginx
--sbin-path=/usr/local/nginx/sbin --with-http_ssl_module
--with-http_gzip_static_module --with-http_realip_module
--with-http_addition_module --with-sha1=/usr/lib --with-md5=/usr/lib
--with-openssl=/home/holscha/downloads/openssl/openssl-1.0.1
bin/openssl version -a
openSSL 1.0.1 14 Mar 2012
built on: Tue Mar 20 23:19:10 CET 2012
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int)
blowfish(idx)
compiler: gcc -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3
-Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"
.
#
# Default Server
#
server {
listen 443;
server_name myaccount.yabroo.at;
ssl on;
ssl_certificate
/etc/httpd/ssl/myaccount.yabroo.at/myaccount.yabroo.at.crt;
ssl_certificate_key
/etc/httpd/ssl/myaccount.yabroo.at/myaccount.yabroo.at.key;
..
}
server {
listen 443;
server_name admin.yabroo.com;
ssl on;
ssl_certificate /etc/httpd/ssl/yabroocom/admin.yabroo.com.crt;
ssl_certificate_key /etc/httpd/ssl/yabroocom/admin.yabroo.com.key;
..
}
..
server {
listen 443;
server_name myaccount.yabroo.com;
ssl on;
ssl_certificate
/etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.crt;
ssl_certificate_key
/etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.key;
..
}
Regards
Axel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120323/cf55fd31/attachment.html>
More information about the nginx
mailing list