Welcome! Log In Create A New Profile

Advanced

Re: curl "Connection refused" caused by SSL config

Maxim Dounin
March 06, 2015 07:48AM
Hello!

On Thu, Mar 05, 2015 at 09:58:37PM -0500, Fry-kun wrote:

> So it looks like the ssl config is valid per-port only. If I set up a server
> on a different port with different ssl config, it works.
> Is this a bug or is it by design?

This is by design. Before some protocol-specific handshake
happens, it is not possible to tell which virtual server client is
going to request. Therefore, the default server context (and
corresponding options) are used before the handshake.

In this particular case, you are trying to enable SSLv3 for a
virtual server. This is not possible at all even in theory:
there is no SNI extension in SSLv3, and requested virtual server
will be known only after reading an HTTP request. But it won't be
possible to send an HTTP request as SSLv3 is disabled in the
default server, and therefore the SSL handshake will fail.

See here for some additional details about configuring SSL in
nginx:

http://nginx.org/en/docs/http/configuring_https_servers.html

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

curl "Connection refused" caused by SSL config

Fry-kun March 04, 2015 08:10PM

Re: curl "Connection refused" caused by SSL config

Fry-kun March 04, 2015 08:17PM

Re: curl "Connection refused" caused by SSL config

Fry-kun March 05, 2015 09:58PM

Re: curl "Connection refused" caused by SSL config

clementsm March 06, 2015 04:51AM

Re: curl "Connection refused" caused by SSL config

Maxim Dounin March 06, 2015 07:48AM

Re: curl "Connection refused" caused by SSL config

Fry-kun March 06, 2015 01:34PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready