Re: ssl_protocols per server?

Maxim Dounin
November 07, 2014 08:40AM
Hello!

On Fri, Nov 07, 2014 at 04:23:58AM -0500, saravsars wrote:

> Hello
>
> >When using SSLv3 to connect, settings of the default server{}
> >block will be used. This is because there is no SNI in SSLv3, and
> >hence SSL connection is established in the context of the default
> >server{} block
>
> Even with TLSv1.1 and TLSv1.2, default server "ssl_protocols" is only in
> effect.

In theory, this depends on the OpenSSL library behaviour and may
work as long as SNI is used - nginx does its best to update all
SSL options on SNI callback.

With current OpenSSL code it doesn't seem to work though, as
protocols allowed are checked before SNI callback happens and not
rechecked afterwards. So yes, you are right - "ssl_protocols"
won't do anything good in non-default server{} blocks, even if SNI
is used.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
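
A configuration check based on the behaviour described in the reply above, as an added example that is not part of the original thread: it flags non-default server{} blocks whose "ssl_protocols" differs from the default server on the same listen socket, since that default is the value that takes effect. The sample config, hostnames and function names are constructed for illustration, and the parser assumes flat server{} blocks that enable TLS with `listen ... ssl`.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread); hostnames are placeholders.
SAMPLE_CONF = """
server { listen 443 ssl default_server; server_name legacy.example.test;
         ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; }
server { listen 443 ssl; server_name secure.example.test;
         ssl_protocols TLSv1.2; }
server { listen 8443 ssl; server_name a.example.test; ssl_protocols TLSv1.2; }
server { listen 8443 ssl; server_name b.example.test; ssl_protocols TLSv1.2; }
"""

def parse_servers(conf):
    """Parse flat server{} blocks (assumption: no nested braces or comments)."""
    servers = []
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        directives = defaultdict(list)
        for stmt in body.split(";"):
            words = stmt.split()
            if words:
                directives[words[0]].append(words[1:])
        servers.append(directives)
    return servers

def ineffective_ssl_protocols(conf):
    """List (listen, server_name, wanted, effective) for every non-default
    server{} whose ssl_protocols differs from its socket's default server."""
    by_listen = defaultdict(list)
    for srv in parse_servers(conf):
        for args in srv["listen"]:
            if "ssl" in args:
                by_listen[args[0]].append((srv, "default_server" in args))
    findings = []
    for addr, group in by_listen.items():
        # Without an explicit default_server, nginx treats the first server
        # defined for the listen socket as the default.
        default = next((s for s, is_def in group if is_def), group[0][0])
        # An empty set means the value is inherited (http{} or built-in default).
        effective = {p for args in default["ssl_protocols"] for p in args}
        for srv, _ in group:
            wanted = {p for args in srv["ssl_protocols"] for p in args}
            if srv is not default and wanted and wanted != effective:
                name = srv["server_name"][0][0] if srv["server_name"] else "(unnamed)"
                findings.append((addr, name, sorted(wanted), sorted(effective)))
    return findings

if __name__ == "__main__":
    for finding in ineffective_ssl_protocols(SAMPLE_CONF):
        print("ssl_protocols not effective: %s %s wants %s, default allows %s" % finding)
```

A finding means the protocol list should be set in the default server{} block (or at http{} level) for that listen socket rather than in the named virtual host.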