On 17/10/2019 04:51, Anil Kumar P wrote:
> Is the client sending hostname header with the correct host, if not by
> default first vhost will be served.
Yes, that's why I set "SSLStrictSNIVHostCheck On" -> according to the
documentation "If set to on in the default name-based virtual host,
On 16/10/2019 12:44, Martin Drescher wrote:
> So I would suggest, putting the 1.3 only server as the first in your config.
> I would also suggest, to set 'SSLProtocol -all +TLSv1.2 +TLSv1.3' in the SSL
> module's config and after that, deny it in 'second.server.on.my.domain' with
> 'SSLProtocol
For both I use wildcard certificates for *server.on.my.domain; what I
would like is to have the second server responding to TLS 1.3 only -
however, it seems that the configuration of the first virtual host prevails!
Is it possible to do what I am looking for? if yes, what am I doing wr