curl "Connection refused" caused by SSL config
Maxim Dounin
mdounin at mdounin.ru
Fri Mar 6 12:47:15 UTC 2015
Hello!
On Thu, Mar 05, 2015 at 09:58:37PM -0500, Fry-kun wrote:
> So it looks like the ssl config is valid per-port only. If I set up a server
> on a different port with different ssl config, it works.
> Is this a bug or is it by design?
This is by design. Before some protocol-specific handshake
happens, it is not possible to tell which virtual server the client is
going to request. Therefore, the default server context (and
corresponding options) are used before the handshake.
In this particular case, you are trying to enable SSLv3 for a
virtual server. This is not possible at all even in theory:
there is no SNI extension in SSLv3, and the requested virtual server
will be known only after reading an HTTP request. But it won't be
possible to send an HTTP request as SSLv3 is disabled in the
default server, and therefore the SSL handshake will fail.
See here for some additional details about configuring SSL in
nginx:
http://nginx.org/en/docs/http/configuring_https_servers.html
--
Maxim Dounin
http://nginx.org/
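
The rule stated in the reply above, as an added configuration check that is not part of the original message and is not nginx code: it flags `ssl_protocols` set in a non-default server when it differs from the default server on the same `listen` socket. It assumes flat `server {}` blocks without nested blocks or comments and compares listen addresses as plain strings; the sample config and all names in it are constructed.

```python
import re

# Constructed sample (not from the thread): two servers share the 443 socket.
SAMPLE = """
server { listen 443 ssl default_server; server_name example.com;
         ssl_protocols TLSv1.2; }
server { listen 443 ssl; server_name legacy.example.com;
         ssl_protocols SSLv3 TLSv1.2; }
server { listen 8443 ssl; server_name other.example.com;
         ssl_protocols TLSv1.2 TLSv1.3; }
"""

def parse_servers(conf):
    """Parse flat server{} blocks (assumption: no nested blocks, no comments)."""
    servers = []
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        srv = {"listen": [], "default_for": set(), "name": "", "protocols": None}
        for stmt in body.split(";"):
            words = stmt.split()
            if len(words) < 2:
                continue
            if words[0] == "listen":
                srv["listen"].append(words[1])
                if "default_server" in words:
                    srv["default_for"].add(words[1])
            elif words[0] == "server_name":
                srv["name"] = words[1]
            elif words[0] == "ssl_protocols":
                srv["protocols"] = frozenset(words[1:])
        servers.append(srv)
    return servers

def shadowed_ssl_protocols(conf):
    """Return (socket, server_name, default_protocols) for each override
    that differs from the default server of the same listen socket."""
    servers = parse_servers(conf)
    findings = []
    for addr in sorted({a for s in servers for a in s["listen"]}):
        group = [s for s in servers if addr in s["listen"]]
        # nginx uses the default_server, or else the first server on the socket
        default = next((s for s in group if addr in s["default_for"]), group[0])
        for s in group:
            if s is not default and s["protocols"] not in (None, default["protocols"]):
                findings.append((addr, s["name"], sorted(default["protocols"] or [])))
    return findings

if __name__ == "__main__":
    for addr, name, effective in shadowed_ssl_protocols(SAMPLE):
        print(f"{name} on {addr}: handshake uses default server's {effective}")
```
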