https://bz.apache.org/bugzilla/show_bug.cgi?id=62939
--- Comment #1 from Stefan Eissing <[email protected]> --- AFAIK, the TLS protocol selection triggers before the Server Name Indication (SNI) is available and can select your vhost. This means that the protocol settings of the *first* vhost that you define for the given port (here probably 443) will determine the base SSL capabilities, such as protocols. The server does not enforce the protocol version after the connection has been made and the vhost selected, because this would break the negotiation after it happened. This is one of the quirks of mod_ssl and httpd's vhost selection, I'm afraid. In your case, you basically have to decide which SSL protocol versions you want on any address:port combination your server offers. If you can move your special host to a separate IP, make that host the first one for that, the protocol selection can be enforced. Hoppe this helps. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
