Hi, to recap on a previous thread - is nginx currently able to handle SNI based ssl virtual hosts (assuming latest 0.98 openssl)? My host only allows a small number of IPs (8) and I have a bunch of currently unencrypted services (due to lack of free IPs) which might benefit from upgrading to SSL where it's supported , ie Vista IE7 / Firefox, etc (currently > 50% of my visitors) Cheers Ed W
on 17.06.2008 10:11
on 17.06.2008 10:25
On Tue, Jun 17, 2008 at 08:57:56AM +0100, Ed W wrote: > Hi, to recap on a previous thread - is nginx currently able to handle > SNI based ssl virtual hosts (assuming latest 0.98 openssl)? > > My host only allows a small number of IPs (8) and I have a bunch of > currently unencrypted services (due to lack of free IPs) which might > benefit from upgrading to SSL where it's supported , ie Vista IE7 / > Firefox, etc (currently > 50% of my visitors) nginx supports SNI since 0.5.23, it was tested against development OpenSSL 0.9.9 year ago. OpenSSL SNI support had been merged to 0.9.8f, however I did not test it: it might be changed while merging. Also, note that SNI in OpenSSL 0.9.8 is not built by default.
on 17.06.2008 11:10
> nginx supports SNI since 0.5.23, it was tested against development > OpenSSL 0.9.9 year ago. OpenSSL SNI support had been merged to 0.9.8f, > however I did not test it: it might be changed while merging. > Also, note that SNI in OpenSSL 0.9.8 is not built by default. > > How should the config files be layed out to pick this up? Do I just setup a normal vhost type config with normal SSL directives on each and it should just work..? Cheers Ed W P.S. This is quite exciting if it works...!
on 17.06.2008 11:15
On Tue, Jun 17, 2008 at 09:57:31AM +0100, Ed W wrote: > >nginx supports SNI since 0.5.23, it was tested against development > >OpenSSL 0.9.9 year ago. OpenSSL SNI support had been merged to 0.9.8f, > >however I did not test it: it might be changed while merging. > >Also, note that SNI in OpenSSL 0.9.8 is not built by default. > > > > How should the config files be layed out to pick this up? Do I just > setup a normal vhost type config with normal SSL directives on each and > it should just work..? Yes.