TLS SNI support disabled

Jim Ohlstein jim at ohlste.in
Wed May 2 20:05:20 UTC 2012


On 5/2/12 3:54 PM, Cliff Wells wrote:
> On Wed, 2012-05-02 at 12:34 -0700, Justin Dorfman wrote:
>> I was rebuilding nginx on a staging server and noticed: TLS SNI
>> support disabled
>>
>>
>> # /usr/local/nginx/sbin/nginx -V
>> nginx version: nginx/1.0.15
>> built by gcc 4.1.2 20080704 (Red Hat 4.1.2-48/CentOS 5.5 Final)
>> TLS SNI support disabled
>>
>>
>> Is that something I should be concerned about?

TLS/SNI support is  enabled if you build nginx "--with-http_ssl_module"
and if you have an recent enough version of OpenSSL on your system. I
don't think OpenSSL is recent enough on RHEL/CentOS 5.x but should be in
6.x.

> 
> Most likely not.  Great feature, not widely supported across browsers
> yet.
> 

If you exclude Windoze XP and older, and older versions of MacOS, it is
fairly widely supported. I think the biggest problem is the still large
installed base of XP.

http://en.wikipedia.org/wiki/Server_Name_Indication#Support (sorry for
the Wikipedia reference but it seems accurate as of this writing).

> http://en.wikipedia.org/wiki/Server_Name_Indication
> 
> Cliff
> 
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


-- 
Jim Ohlstein



More information about the nginx mailing list