Re: httpd - bypass tls misconfig different ciphers, ecdhe

2020-08-19 Thread hisacro
On Tue, Aug 18, 2020 at 09:28:18PM -0400, trondd wrote:
> The bug here is in how additional listen lines interact with the remaining
> configuration. The first listen line in a server block gets the tls block
> and it doesn't get applied to the second listen line. Except for certs
> and keys

Re: httpd - bypass tls misconfig different ciphers, ecdhe

2020-08-16 Thread hisacro
On Sun, Aug 16, 2020 at 02:34:27PM -0400, trondd wrote:
> Oh, I see what you're doing. BOTH listen lines are active in the second
> server block. When you connect to port 443 with that config, which TLS
> settings does it use? I want to guess that because you're listening on
> port 8000

Re: httpd - bypass tls misconfig different ciphers, ecdhe

2020-08-16 Thread hisacro
Aug 16, 2020, 11:44 AM by tro...@kagu-tsuchi.com:
> Because it's not the same IP and port anymore. You can only have one
> thing listening on an ip+port

I got a working httpd config with same IP and same Port

server "domain.tld" {
    listen on $ext_ip tls port 443
    tls {

Re: httpd - bypass tls misconfig different ciphers, ecdhe

2020-08-16 Thread hisacro
Aug 16, 2020, 7:50 AM by tro...@kagu-tsuchi.com:
>> On Sat, Aug 15, 2020 at 04:13:51PM -0700, hisacro wrote:
>
>> $ doas httpd -nv
>> server "sub.domain.tld": tls configuration mismatch on same address/port
>>
>> instead of defining same cipher and ecd

httpd - bypass tls misconfig different ciphers, ecdhe

2020-08-15 Thread hisacro
I'm on -current, httpd throws tls misconfig error when different cipher or ecdhe used but it's bypassed by listen statement.

server "domain.tld" {
    listen on * tls port 443
    log style combined
    hsts { subdomains }
    root "/htdocs/domain.tld/"
    tls {