So other folks don't spend half a day poking around before discovering [1] ;).
[1]: http://thread.gmane.org/gmane.comp.web.nginx.english/45403/focus=45715 From: Maxim Dounin Subject: Re: ssl_protocols per server? Date: Fri, 7 Nov 2014 16:38:57 +0300 Message-ID: <[email protected]> --- xml/en/docs/http/ngx_http_ssl_module.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml index fc7e3bc..73c0fa9 100644 --- a/xml/en/docs/http/ngx_http_ssl_module.xml +++ b/xml/en/docs/http/ngx_http_ssl_module.xml @@ -367,6 +367,17 @@ so when the OpenSSL version 1.0.1 or higher is used on older nginx versions, these protocols work, but cannot be disabled. </note> +<note> +The SSL protocols do not support +<link url="http://en.wikipedia.org/wiki/Server_Name_Indication";>SNI</link>, +but theoretically a TLS-only configuration could set the allowed +protocols independently for each +<link doc="ngx_http_core_module.xml" id="server" /> block. +However, this is not currently possible due to limitations in the +OpenSSL API, and the configured protocols for the +<link doc="ngx_http_core_module.xml" id="listen">default_server</link> +will be used for all connections. +</note> </para> </directive> -- 2.1.0.60.g85f0837
signature.asc
Description: OpenPGP digital signature
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
