SSL behaviour with multiple server blocks for same port

Pankaj Mehta mehta.pankaj at gmail.com
Thu Jan 23 11:17:42 UTC 2014


Hi,

I am struggling to get any documented reference for my problem in nginx
docs. Hope someone can help before I delve into nginx code:

I want to have multiple server blocks for the https port 443, they will
serve different hostnames. Each block will have its own ssl configuration.
For example:

server {
  listen 443 ssl;
  server_name blah.xyz.com;

  ssl_protocols TLSv1;
  ssl_ciphers AES256-SHA:RC4-SHA;
  ssl_certificate /test/site1.cer;
  ssl_certificate_key /test/site1.key;
  ...
}

server {
  listen 443 ssl;
  server_name blah.xyz.com;

  ssl_protocols TLSv1;
  ssl_ciphers AES256-SHA:RC4-SHA;
  ssl_certificate /test/site2.cer;
  ssl_certificate_key /test/site2.key;
  ...
}

These blocks have different ssl certificates. I understand that if I enable
SNI in nginx and the client supports it, then we have a predictable
behaviour where nginx will use the correct ssl parameters from the server
block corresponding to that hostname. But I have no idea which ssl config
will be picked up when the client does not support SNI. Is it the one that
comes first? Also is the behaviour when SNI is disabled in nginx similar to
when SNI is enabled in nginx but client doesn't support it?

Is there a way in nginx to dump the active configs for a port?

Thanks
Pankaj
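
An added example, not part of the original post and not nginx project code: nginx answers a client that sends no SNI with the default server for the listen socket, which is the first server block defined for that address:port unless another one carries default_server. The sketch below reports that block for a port from a configuration text. Assumptions: the second hostname other.xyz.com is a constructed placeholder, the function names are hypothetical, listen addresses are compared by port only, and include files are not followed.

```python
import re

# Constructed sample: the two blocks from the post, trimmed to the relevant
# directives. other.xyz.com is a placeholder hostname, not from the post.
SAMPLE = """
server {
  listen 443 ssl;
  server_name blah.xyz.com;
  ssl_certificate /test/site1.cer;
}
server {
  listen 443 ssl;
  server_name other.xyz.com;
  ssl_certificate /test/site2.cer;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, in file order."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Map directive name -> list of argument lists (comments and inner blocks dropped)."""
    flat = re.sub(r"\{[^{}]*\}", ";", re.sub(r"#.*", "", body))
    out = {}
    for stmt in flat.split(";"):
        words = stmt.split()
        if words:
            out.setdefault(words[0], []).append(words[1:])
    return out

def non_sni_default(conf, port="443"):
    """Return (server_names, certificate) of the block a client without SNI is served."""
    chosen = None
    for body in server_blocks(conf):
        d = directives(body)
        for args in d.get("listen", []):
            if not args or args[0].rsplit(":", 1)[-1] != port:
                continue
            # First matching block wins unless a later one is marked default_server.
            if chosen is None or "default_server" in args:
                chosen = (d.get("server_name", [[]])[0],
                          d.get("ssl_certificate", [[None]])[0][0])
    return chosen
```

Because includes are not followed, run it over the fully expanded configuration, for example the output of nginx -T on versions that have that option.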