ssl_protocols per server?

Miguel Clara miguelmclara at gmail.com
Wed Oct 15 23:37:19 UTC 2014


        listen 443 ssl spdy;

Actually but sni is working fine sslabs reports the correct certs... just
tells me SSLv3 is on in all when its only set for one of the domains...
At first I had " ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" at the http level
and just set " ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; " in one of the
servers/domain I removed that for http block and now have the different
"ssl_protocols" directive in the corresponding configs and sslabs reports
the one defined in the first.


If I change the order (sslv3 first) sslabs reports all servers/domains have
sslv3 on but curl fails with "-sslv3" and the error is related to the cert
name ...  but I'm assuming that's just because sni is a TLS extension not
SSL.. so it actually proves sslv3 is on when it shouldn't be!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20141016/17528d89/attachment.html>


More information about the nginx mailing list