Different TLS versions for Different vHosts
Maxim Dounin
mdounin at mdounin.ru
Mon May 30 22:49:19 UTC 2022
Hello!
On Mon, May 30, 2022 at 05:52:24PM -0400, jinshu wrote:
> I am using nginx/1.20.1 and i am still searching for solution for
> configuring different ssl_protocol version for different vhosts. Currently
> it is reasing the first vhost ssl setting and applied to all following
> vhosts.
OpenSSL selects the protocol to use based on the settings of the
initial SSL context when establishing an SSL connection, before
applying any SNI-based settings. This means that it is basically
not possible to use different SSL/TLS protocols in different
name-based virtual servers. On the other hand, it is possible to
do so by using IP-based virtual servers.
See
http://nginx.org/en/docs/http/request_processing.html#mixed_name_ip_based_servers
for basic information about configuring IP-based virtual servers
along with name-based ones.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list