Re: [users@httpd] Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

Is the client sending hostname header with the correct host, if not by default first vhost will be served. Thanks, Anil > On Oct 16, 2019, at 7:52 AM, Marian Ion wrote: > >> On 16/10/2019 12:44, Martin Drescher wrote: >> So I would suggest, putting the 1.3 only server as the first in your conf

Re: [users@httpd] Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

On 16/10/2019 12:44, Martin Drescher wrote: > So I would suggest, putting the 1.3 only server as the first in your config. > I would also suggest, to set 'SSLProtocol -all +TLSv1.2 +TLSv1.3' in the SSL > module's config and after that, deny it in 'second.server.on.my.domain' with > 'SSLProtocol -

Re: [users@httpd] Reverse proxy: how to map a domain.tld to a local host port

On Wed, Oct 16, 2019 at 01:15 wrote: > Is there any way to map each unique domain.tld to a different app at a > unique port just for that domain.tld? > > Why not just using virtualhosts also on your backend > (tomcat,wildfly,jetty,etc)? Also, if you want to use port based VH on your > backend wit

Re: [users@httpd] Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

Marian, as far as I understand (educated guess!), the 'server_name' is sent during TLS handshake, but after server & client have agreed to a TLS version. Hence, I would expect, that a client which prefers TLS 1.2 will never see 'second.server.on.my.domain'. Which may exactly be what you want. H

[users@httpd] Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

According to "With SNI, you can have many virtual hosts sharing the same IP address and port, and each one can have its own unique certificate (and the rest of the configuration)." So, using Apache 2.4.41 on a Debian Bus