As far as I see from my experiments (Apache 2.4.6 on RHEL7) and users reports, SNI needs TLS 1.0 and doesn't work with TLS1.1/1.2. This behavior seems me really weird; unfortunately I couldn't find any explanation for it. My question is: did I miss something? Is there any way to use SNI w/o TLSv1? We want to disable TLS 1.0, but don't want to lost SNI functionality.
URLs: - https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI "The first (default) vhost for SSL name-based virtual hosts must include TLSv1 as a permitted protocol" - http://serverfault.com/questions/700143/does-sni-really-require-tlsv1-insecure TIA, Vitaly PS: I understand that my question is not 100% on-topic but I hope it's close enough.
