Re: ssl_protocols & SNI

2017-02-12 Thread Maxim Dounin
Hello! On Fri, Feb 10, 2017 at 03:18:14PM -0800, Frank Liu wrote: > Thanks for explaining why overloading ssl_protocols won't work. Since the > problem is with how OpenSSL works, will it work if we use other openssl > alternatives? I see people reporting boringssl and libressl work fine with >

Re: ssl_protocols & SNI

2017-02-10 Thread Frank Liu
Hi Maxim, Thanks for explaining why overloading ssl_protocols won't work. Since the problem is with how OpenSSL works, will it work if we use other openssl alternatives? I see people reporting boringssl and libressl work fine with nginx. Does nginx still need to be modified to support overloading

Re: ssl_protocols & SNI

2017-01-23 Thread B.R. via nginx
Any help? --- *B. R.* On Thu, Jan 19, 2017 at 7:07 PM, B.R. wrote: > There is something strange, though. > > I configured cipher suites with ssl_ciphers with suites from TLSv1.0 & > TLSv1.2 (TLSv1.1 having no specific cipher suites but merely relying on > thos from

Re: ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
There is something strange, though. I configured cipher suites with ssl_ciphers with suites from TLSv1.0 & TLSv1.2 (TLSv1.1 having no specific cipher suites but merely relying on thos from TLSv1.0). Those 3 protocols can be tested successfully when ssl_protocols is at its default value (TLSv1

Re: ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
I acknowledge how that works, although OpenSSL providing more flexibility over SNI for protocols supporting it would have been appreciated. Too bad. Thanks Maxim for you always concise and straightforward discerning answers! --- *B. R.* On Thu, Jan 19, 2017 at 2:36 PM, Maxim Dounin

Re: ssl_protocols & SNI

2017-01-19 Thread Maxim Dounin
Hello! On Thu, Jan 19, 2017 at 10:04:46AM +0100, B.R. via nginx wrote: > Hello, > > I tried to overload the value of my default ssl_protocols (http block > level) in a server block. > It did not seem to apply the other value in this virtuel server only. > > Since I use SNI on my OpenSSL

ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
Hello, I tried to overload the value of my default ssl_protocols (http block level) in a server block. It did not seem to apply the other value in this virtuel server only. Since I use SNI on my OpenSSL implementation, which perfectly works to support multiple virtual servers, I wonder why this