Welcome! Log In Create A New Profile

Advanced

Different protocols for subdomain server blocks. Possible?

Posted by paulm 
Different protocols for subdomain server blocks. Possible?
September 11, 2014 08:16AM
This is obviously possible for entirely different domains, but if you try the following...

server {
listen 443 spdy ssl;
keepalive_timeout 70;
server_name example.co.uk;
client_max_body_size 10M;

ssl_certificate /path/to/ssl.crt;
ssl_certificate_key /path/to/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
...
}

server {
listen 443 spdy ssl;
keepalive_timeout 70;
server_name weak.example.co.uk;
client_max_body_size 10M;

ssl_certificate /path/to/weakssl.crt;
ssl_certificate_key /path/to/weakssl.key;
ssl_protocols SSLv3;
...
}

... and visit the weak.example.co.uk domain, it uses the ciphers & cert from the correct block, but just the protocols from the first block.

Any advice would be much appreciated.

Thanks.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 150
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready