NGINX SSL configuration

Maxim Dounin mdounin at
Thu Aug 25 11:54:05 UTC 2016


On Thu, Aug 25, 2016 at 01:37:44AM -0400, henry_nginx_profile wrote:

> hello,i am come from china. i use NGINX in a short period of time. i have
> some confuse about  NGINX's ssl_* directive.
> i have two vhost conf file, the above is my configuration:
> a.conf:
> server {
>      listen 443 ssl;
>      server_name;
>      ssl_protocols  TLSv1.2;
>      ...
> }
> b.conf {
>      listen 443 ssl;
>      server_name;
>      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ...
> }
> my problem:
> i test these two web site use curl tools, "" is  using TLSv1.2
> protocol, this is ok,  but when i testing  "" that only support
> TLS1.2 too,  it seems like b.conf 's ssl_protocols directive is not
> effective, only a.conf's ssl_protools directive effective.

The above configuration won't use different SSL protocols, as 
defined servers are pure virtual and protocol is selected before a 
server name is know.

> my question:
> 1.Dose ssl_protocols directive is only be parser once by NGINX? something
> like NGINX read config file, that find out a.conf's ssl_protocols directive
> and record it, the below ssl_protocol directive will be pass? 


> 2.if question 1 is yes,   how can i  write difference  ssl_*  directive in
> multi vhost?

If you want to use different SSL protocols you have to use 
different IP addresses for your SSL servers, and configure nginx 
to distinguish servers based on IP addresses (instead of using 
name-based virtual servers).

Some information about the problem can be found in the 
"Configuring HTTPS servers" article here:

Maxim Dounin

More information about the nginx mailing list