NGINX SSL configuration
Maxim Dounin
mdounin at mdounin.ru
Thu Aug 25 11:54:05 UTC 2016
Hello!
On Thu, Aug 25, 2016 at 01:37:44AM -0400, henry_nginx_profile wrote:
> hello,i am come from china. i use NGINX in a short period of time. i have
> some confuse about NGINX's ssl_* directive.
> i have two vhost conf file, the above is my configuration:
>
> a.conf:
>
> server {
> listen 443 ssl;
> server_name a.example.com;
> ssl_protocols TLSv1.2;
> ...
> }
>
> b.conf {
> listen 443 ssl;
> server_name b.example.com;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ...
> }
> my problem:
> i test these two web site use curl tools, "a.example.com" is using TLSv1.2
> protocol, this is ok, but when i testing "b.example.com" that only support
> TLS1.2 too, it seems like b.conf 's ssl_protocols directive is not
> effective, only a.conf's ssl_protools directive effective.
The above configuration won't use different SSL protocols, as
defined servers are pure virtual and protocol is selected before a
server name is know.
> my question:
> 1.Dose ssl_protocols directive is only be parser once by NGINX? something
> like NGINX read config file, that find out a.conf's ssl_protocols directive
> and record it, the below ssl_protocol directive will be pass?
No.
> 2.if question 1 is yes, how can i write difference ssl_* directive in
> multi vhost?
If you want to use different SSL protocols you have to use
different IP addresses for your SSL servers, and configure nginx
to distinguish servers based on IP addresses (instead of using
name-based virtual servers).
Some information about the problem can be found in the
"Configuring HTTPS servers" article here:
http://nginx.org/en/docs/http/configuring_https_servers.html#name_based_https_servers
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list