Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-24 Thread linux.il
Eric and Igor, you're right - SNI works nicely with TLS1.x. In my case it was some weird compatibility issues, not related to SNI.

Thank you very much!

Vitaly

On Tue, May 24, 2016 at 9:37 AM, linux.il wrote:
>
>> > On Mon, May 23, 2016 at 5:16 PM, Eric Covener wrote:
>> >>
>> >> > For some rea

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread linux.il
> >
> > On Mon, May 23, 2016 at 5:16 PM, Eric Covener wrote:
> >>
> >> > For some reason if I add "-TLSv1" to SSLProtocol directive in my default
> >> > SSL vhost, SNI isn't working anymore:
> >> >
> >> > "SSLProtocol All -SSLv2 -SSLv3 -TLSv1"
> >> >
> >>
> >> What protocol is used?

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread Igor Cicimov
On 24 May 2016 12:28 am, "linux.il" wrote:
>
> On Mon, May 23, 2016 at 5:16 PM, Eric Covener wrote:
>>
>> > For some reason if I add "-TLSv1" to SSLProtocol directive in my default
>> > SSL vhost, SNI isn't working anymore:
>> >
>> > "SSLProtocol All -SSLv2 -SSLv3 -TLSv1"
>> >
>>

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread linux.il
On Mon, May 23, 2016 at 5:31 PM, Eric Covener wrote:
> On Mon, May 23, 2016 at 10:27 AM, linux.il wrote:
> > I'm using the same "curl" and "wget" for testing. As far as I disable TLS
> > v1.0, I get "curl: (35) SSL connect error" and
> > "ERROR: certificate common name “mydefault-ssl-vhost-na

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread Eric Covener
On Mon, May 23, 2016 at 10:27 AM, linux.il wrote:
> I'm using the same "curl" and "wget" for testing. As far as I disable TLS
> v1.0, I get "curl: (35) SSL connect error" and
> "ERROR: certificate common name “mydefault-ssl-vhost-name” doesn’t match
> requested host name “my-vhost-name”"
> in wge

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread linux.il
On Mon, May 23, 2016 at 5:16 PM, Eric Covener wrote:
> > For some reason if I add "-TLSv1" to SSLProtocol directive in my default
> > SSL vhost, SNI isn't working anymore:
> >
> > "SSLProtocol All -SSLv2 -SSLv3 -TLSv1"
> >
>
> What protocol is used? Does the client send the SNI exten

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread Eric Covener
> For some reason if I add "-TLSv1" to SSLProtocol directive in my default
> SSL vhost, SNI isn't working anymore:
>
> "SSLProtocol All -SSLv2 -SSLv3 -TLSv1"
>

What protocol is used? Does the client send the SNI extension?

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread linux.il
On Mon, May 23, 2016 at 4:39 PM, Eric Covener wrote:
> On Mon, May 23, 2016 at 9:36 AM, linux.il wrote:
> > As far as I see from my experiments (Apache 2.4.6 on RHEL7) and users'
> > reports, SNI needs TLS 1.0 and doesn't work with TLS1.1/1.2.
> > This behavior seems really weird to me; unfortunatel

Re: [users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread Eric Covener
On Mon, May 23, 2016 at 9:36 AM, linux.il wrote:
> As far as I see from my experiments (Apache 2.4.6 on RHEL7) and users'
> reports, SNI needs TLS 1.0 and doesn't work with TLS1.1/1.2.
> This behavior seems really weird to me; unfortunately I couldn't find any
> explanation for it.
> My question is: d

[users@httpd] TLS 1.1 and 1.2 and SNI support

2016-05-23 Thread linux.il
As far as I see from my experiments (Apache 2.4.6 on RHEL7) and users' reports, SNI needs TLS 1.0 and doesn't work with TLS1.1/1.2. This behavior seems really weird to me; unfortunately I couldn't find any explanation for it. My question is: did I miss something? Is there any way to use SNI w/o TLSv1?