Re: Multiple SSL - Calomel - ru.sysoev.nginx

14 messages in ru.sysoev.nginxRe: Multiple SSL

From	Sent On	Attachments
Eire Angel	May 28, 2008 8:07 am
jeff emminger	May 28, 2008 9:20 am
Calomel	May 28, 2008 9:34 am
Corey Donohoe	May 28, 2008 9:43 am
Sean Allen	May 28, 2008 4:09 pm
Eire Angel	May 28, 2008 7:17 pm
Calomel	May 29, 2008 7:57 am
Eire Angel	May 29, 2008 9:16 am
Ed W	May 29, 2008 10:24 am
Calomel	May 29, 2008 12:32 pm
Ed W	May 29, 2008 4:32 pm
eliott	May 29, 2008 9:41 pm
Sean Allen	Jun 4, 2008 3:32 pm
Sean Allen	Jun 5, 2008 8:14 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: Multiple SSL	Actions...
From:	Calomel (ngin...@public.gmane.org)
Date:	May 29, 2008 12:32:15 pm
List:	ru.sysoev.nginx

Ed,

As I understand it tlsext is still in "BETA" like stage for 0.9.8g. I also believe remote clients must be strictly RFC 4366 compliant otherwise browsers will still get a SSL error page.

According to Goggle, this site has a test case tlsext setup. https://dave.sni.velox.ch/

On Thu, May 29, 2008 at 06:24:49PM +0100, Ed W wrote:

Sean Allen wrote:

you cant do virtual naming with ssl

because the cert negotation comes first.

However, SNI is rapidly becoming an option?

It appears that SNI support has been backported to at least OpenSSL 0.9.8g ? You need to specify --enable-tlsext when building openssl

What else is required on the nginx side in order to test TLS upgrades? Does someone have a sample config showing this working on some web browser?

Cheers

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: