Implementing SNI SSL?


#1

Hi, to recap on a previous thread - is nginx currently able to handle
SNI based ssl virtual hosts (assuming latest 0.98 openssl)?

My host only allows a small number of IPs (8) and I have a bunch of
currently unencrypted services (due to lack of free IPs) which might
benefit from upgrading to SSL where it’s supported , ie Vista IE7 /
Firefox, etc (currently > 50% of my visitors)

Cheers

Ed W


#2

On Tue, Jun 17, 2008 at 08:57:56AM +0100, Ed W wrote:

Hi, to recap on a previous thread - is nginx currently able to handle
SNI based ssl virtual hosts (assuming latest 0.98 openssl)?

My host only allows a small number of IPs (8) and I have a bunch of
currently unencrypted services (due to lack of free IPs) which might
benefit from upgrading to SSL where it’s supported , ie Vista IE7 /
Firefox, etc (currently > 50% of my visitors)

nginx supports SNI since 0.5.23, it was tested against development
OpenSSL 0.9.9 year ago. OpenSSL SNI support had been merged to 0.9.8f,
however I did not test it: it might be changed while merging.
Also, note that SNI in OpenSSL 0.9.8 is not built by default.


#3

nginx supports SNI since 0.5.23, it was tested against development
OpenSSL 0.9.9 year ago. OpenSSL SNI support had been merged to 0.9.8f,
however I did not test it: it might be changed while merging.
Also, note that SNI in OpenSSL 0.9.8 is not built by default.

How should the config files be layed out to pick this up? Do I just
setup a normal vhost type config with normal SSL directives on each and
it should just work…?

Cheers

Ed W

P.S. This is quite exciting if it works…!


#4

On Tue, Jun 17, 2008 at 09:57:31AM +0100, Ed W wrote:

nginx supports SNI since 0.5.23, it was tested against development
OpenSSL 0.9.9 year ago. OpenSSL SNI support had been merged to 0.9.8f,
however I did not test it: it might be changed while merging.
Also, note that SNI in OpenSSL 0.9.8 is not built by default.

How should the config files be layed out to pick this up? Do I just
setup a normal vhost type config with normal SSL directives on each and
it should just work…?

Yes.