nginx default SSL SNI host overwrites SSL Protocols

Asked Mar 23 '16 at 20:23

Active Mar 23 '16 at 20:23

Viewed 544 times

I have setup nginx with SSL (SNI based).

My first served vHost uses

server {
...
    listen 443 ssl;
    server_name host1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
....

On others vhosts I wanted to be stricter and only allow TLSv1.2

server {
...
    listen 443 ssl;
    server_name host2;
    ssl_protocols TLSv1.2;
....

However, whatever I specify in all host configs except the first one, they all have no effect. The only change that occurs is when I change the first vhost. So host2 ends up with: TLSv1 TLSv1.1 TLSv1.2

It works also the other way round:

Only specify TLSv1.2 in first vhost
Specify all protocols in upcoming vhosts
Result is, all vhosts only use TLSv1.2

Is it not possible to use different protocols on different SSL SNI vhosts?

asked Mar 23 '16 at 20:23

lockdoc

nginx default SSL SNI host overwrites SSL Protocols

0 Answers0