On Wed, Jul 14, 2010 at 01:17:57PM -0300, Tiago Freire wrote:
I was hoping that there would be a configuration option on nginx to either:
- give a 403 error - or whatever error is best fit - when it detects
non-SNI SSL handshake; or
- redirect non-SNI SSL handshake traffic to a different virtual server.
Is this list the best place to suggest nginx features?
I do not understand the reason why do you want to detect non-SNI
If you want to avoid browser message about inappropriate certificate,
this is not allowed by SSL protocol: before nginx may show 403 error or
send redirect to a client, the client must to establish SSL connection.
And certificate is indispensable thing during this process.
If you want to show 403 error or send redirect AFTER browser has shown
a message about inappropriate certificate, then you may try this
listen 443 default;
Non-SNI browsers will always get dummy.name.cert, show the message,
and get 403 error.
SNI-enabled browsers will get appropriate certificate and will go
to appropriate site.
though, and I noticed nginx supports SNI.
If running with SNI still accepts old browsers, is there a configuration
Tiago Mikhael Pastorello Freire a.k.a. Brazilian Joe
nginx mailing list