Hi there,
For those successfully using TLS SNi for https servers.
My IE9 (on Windows7 64 bit) fails to trigger the correct nginx virtual
https
server name and SSL certificate (It ignores all except the default -1st
server).
But It seems to work fine with FF10 and Chrome17.
Is this an IE9 issue? or am I missing something from my nginx/openssl
compilation options?
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.0.13
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51)
TLS SNI support enabled
configure arguments: --with-debug --prefix=/usr/local/nginx
–sbin-path=/usr/local/nginx/sbin --with-http_ssl_module
–with-http_gzip_static_module --with-http_realip_module
–with-http_addition_module --with-sha1=/usr/lib --with-md5=/usr/lib
–with-openssl=/home/holscha/downloads/openssl/openssl-1.0.1
bin/openssl version -a
openSSL 1.0.1 14 Mar 2012
built on: Tue Mar 20 23:19:10 CET 2012
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int)
blowfish(idx)
compiler: gcc -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -Wa,–noexecstack -m64 -DL_ENDIAN -DTERMIO
-O3
-Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: “/usr/local/ssl”
.
Default Server
server {
listen 443;
server_name myaccount.yabroo.at;
ssl on;
ssl_certificate
/etc/httpd/ssl/myaccount.yabroo.at/myaccount.yabroo.at.crt;
ssl_certificate_key
/etc/httpd/ssl/myaccount.yabroo.at/myaccount.yabroo.at.key;
…
}
server {
listen 443;
server_name admin.yabroo.com;
ssl on;
ssl_certificate
/etc/httpd/ssl/yabroocom/admin.yabroo.com.crt;
ssl_certificate_key
/etc/httpd/ssl/yabroocom/admin.yabroo.com.key;
…
}
…
server {
listen 443;
server_name myaccount.yabroo.com;
ssl on;
ssl_certificate
/etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.crt;
ssl_certificate_key
/etc/httpd/ssl/myaccount.yabroo.com/myaccount.yabroo.com.key;
…
}
Regards
Axel