Re: ssl_protocols per server?

saravsars November 07, 2014 04:23AM
Hello

>When using SSLv3 to connect, settings of the default server{}
>block will be used. This is because there is no SNI in SSLv3, and
>hence SSL connection is established in the context of the default
>server{} block.

Even with TLSv1.1 and TLSv1.2, only the default server's "ssl_protocols" is in effect.

server {
    listen 443 ssl;
    server_name a.example.com;
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_protocols TLSv1.1 TLSv1.2;
}

server {
    listen 443 ssl default_server;
    server_name "";
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}


openssl s_client -connect a.example.com:443 -servername a.example.com -tls1 (success)

TLSv1 is disabled in a.example.com, but the TLSv1 request is successful.


server {
    listen 443 ssl;
    server_name a.example.com;
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

server {
    listen 443 ssl default_server;
    server_name "";
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_protocols TLSv1.2;
}

openssl s_client -connect a.example.com:443 -servername a.example.com -tls1_1 (failed)

TLSv1, TLSv1.1 and TLSv1.2 are enabled for a.example.com, but TLSv1 and TLSv1.1 requests fail.

So, even with SNI clients, only the default_server "ssl_protocols" is selected.
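
The mismatch reported in this post can be caught in a configuration review. The following is an added example, not part of the original post and not nginx code: a Python sketch that flags server{} blocks whose ssl_protocols differs from that of the default server on the same listen socket. It assumes the behaviour described in the post, that listen addresses are written identically across blocks, and that braces do not appear in comments or quoted strings; the function names are made up for illustration.

```python
import re

# Constructed sample: the first configuration from the post (certificate lines omitted).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name a.example.com;
    ssl_protocols TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl default_server;
    server_name "";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

def server_blocks(conf):
    """Yield the body of each server{} block, found by a brace-depth scan."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the arguments of the first `name ...;` directive, or []."""
    m = re.search(r'(?:^|[;{}])\s*' + re.escape(name) + r'\s+([^;]*);', body, re.M)
    return m.group(1).split() if m else []

def audit(conf):
    """Flag server{} blocks whose ssl_protocols differ from their socket's default server."""
    by_listen = {}
    for body in server_blocks(conf):
        args = directive(body, 'listen')
        if 'ssl' in args:
            by_listen.setdefault(args[0], []).append((body, 'default_server' in args))
    findings = []
    for addr, blocks in by_listen.items():
        # Default server: the block flagged default_server, else the first listed.
        default = next((b for b, flagged in blocks if flagged), blocks[0][0])
        effective = sorted(directive(default, 'ssl_protocols'))
        for body, _ in blocks:
            configured = sorted(directive(body, 'ssl_protocols'))
            if configured and configured != effective:
                findings.append((' '.join(directive(body, 'server_name')), addr, configured, effective))
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

Each finding is a tuple of server name, listen address, the protocols written in that block, and the protocols of the default server that the post reports as actually in effect.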