Hi there,



For those successfully using TLS SNi for https servers.



My IE9 (on Windows7 64 bit) fails to trigger the correct nginx virtual https
server name and SSL certificate (It ignores all except the default -1st
server).

But It seems to work fine with FF10 and Chrome17.



Is this an IE9 issue? or am I missing something from my nginx/openssl
compilation options?



/usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.0.13

built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51)

TLS SNI support enabled

configure arguments: --with-debug --prefix=/usr/local/nginx
--sbin-path=/usr/local/nginx/sbin --with-http_ssl_module
--with-http_gzip_static_module --with-http_realip_module
--with-http_addition_module --with-sha1=/usr/lib --with-md5=/usr/lib
--with-openssl=/home/holscha/downloads/openssl/openssl-1.0.1

bin/openssl version -a



openSSL 1.0.1 14 Mar 2012

built on: Tue Mar 20 23:19:10 CET 2012

platform: linux-x86_64

options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int)
blowfish(idx)

compiler: gcc -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3
-Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

OPENSSLDIR: "/usr/local/ssl"



..

#

# Default Server

#

server {

listen 443;

server_name myaccount.yabroo.at;

ssl on;

ssl_certificate
/etc/httpd/ssl/myaccount.yabroo.at/myaccount.yabroo.at.crt;

ssl_certificate_key
/etc/httpd/ssl/myaccount.yabroo.at/myaccount.yabroo.at.key;

...

}



server {

listen 443;

server_name admin.yabroo.com;

ssl on;

ssl_certificate /etc/httpd/ssl/yabroocom/admin.yabroo.com.crt;

ssl_certificate_key /etc/httpd/ssl/yabroocom/admin.yabroo.com.key;

...

}

...

server {

listen 443;

server_name myaccount.yabroo.com;

ssl on;

ssl_certificate
/etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.crt;

ssl_certificate_key
/etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.key;

...

}





Regards

Axel



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx