Hi... same behavior! :( secure.example.com = 10.0.0.1 insecure.example.com = 10.0.0.2
Using curl with "host" header: $ curl -kv --tlsv1.0 --tls-max 1.1 -H 'host: insecure.example.com' https://10.0.0.2/ * Trying 10.0.0.2:443... * Connected to 10.0.0.2 (10.0.0.2) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.1 (OUT), TLS handshake, Client hello (1): * TLSv1.1 (IN), TLS header, Unknown (21): * TLSv1.1 (IN), TLS alert, internal error (592): * error:0A000438:SSL routines::tlsv1 alert internal error * Closing connection 0 curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error Using curl without "host" header: $ curl -kv --tlsv1.0 --tls-max 1.1 https://10.0.0.2/ * Trying 10.0.0.2:443... * Connected to 10.0.0.2 (10.0.0.2) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.1 (OUT), TLS handshake, Client hello (1): * TLSv1.1 (IN), TLS header, Unknown (21): * TLSv1.1 (IN), TLS alert, internal error (592): * error:0A000438:SSL routines::tlsv1 alert internal error * Closing connection 0 curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error On Wed, Aug 24, 2022 at 5:45 PM Maxim Dounin <mdou...@mdounin.ru> wrote: > > Hello! > > On Wed, Aug 24, 2022 at 05:22:10PM -0300, Fabiano Furtado Pessoa Coelho wrote: > > > I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server > > with one NIC and 2 IPs, with the following config: [...] > What's the IP address of "insecure.example.com" in your tests? > What happens when you test with IP addresses you've configured, > 10.0.0.1 and 10.0.0.2, rather than names? > > -- > Maxim Dounin > http://mdounin.ru/ > _______________________________________________ > nginx mailing list -- nginx@nginx.org > To unsubscribe send an email to nginx-le...@nginx.org _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org