Different TLS versions for Different vHosts

Maxim Dounin mdounin at mdounin.ru
Mon May 30 22:49:19 UTC 2022


On Mon, May 30, 2022 at 05:52:24PM -0400, jinshu wrote:

> I am using nginx/1.20.1 and i am still searching for solution for
> configuring different ssl_protocol version for different vhosts. Currently
> it is reasing the first vhost ssl setting and applied to all following
> vhosts.

OpenSSL selects the protocol to use based on the settings of the 
initial SSL context when establishing an SSL connection, before 
applying any SNI-based settings.  This means that it is basically 
not possible to use different SSL/TLS protocols in different 
name-based virtual servers.  On the other hand, it is possible to 
do so by using IP-based virtual servers.



for basic information about configuring IP-based virtual servers 
along with name-based ones.

Hope this helps.

Maxim Dounin

More information about the nginx mailing list