Hello! On Thu, Mar 05, 2015 at 09:58:37PM -0500, Fry-kun wrote:
> So it looks like the ssl config is valid per-port only. If I set up a server > on a different port with different ssl config, it works. > Is this a bug or is it by design? This is by design. Before some protocol-specific handshake happens, it is not possible to tell which virtual server client is going to request. Therefore, the default server context (and corresponding options) are used before the handshake. In this particular case, you are trying to enable SSLv3 for a virtual server. This is not possible at all even in theory: there is no SNI extension in SSLv3, and requested virtual server will be known only after reading an HTTP request. But it won't be possible to send an HTTP request as SSLv3 is disabled in the default server, and therefore the SSL handshake will fail. See here for some additional details about configuring SSL in nginx: http://nginx.org/en/docs/http/configuring_https_servers.html -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
