httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "linux.il" <linux...@gmail.com>
Subject Re: [users@httpd] TLS 1.1 and 1.2 and SNI support
Date Mon, 23 May 2016 14:27:59 GMT
On Mon, May 23, 2016 at 5:16 PM, Eric Covener <covener@gmail.com> wrote:

> > For some reason if I add "-TLSv1" to SSLProtocol directive in my default
> > SSL vhost, SNI isn't working anymore:
> >
> >  "SSLProtocol             All -SSLv2 -SSLv3 -TLSv1"
> >
>
> What protocol is used? Does the client send the SNI extension?
>
> I'm using  the same "curl" and "wget" for testing. As far as I disable TLS
v1.0, I get "curl: (35) SSL connect error" and
"ERROR: certificate common name “mydefault-ssl-vhost-name” doesn’t match
requested host name “my-vhost-name”"
in wget.
BTW, similar issue reported here
http://serverfault.com/questions/700143/does-sni-really-require-tlsv1-insecure

Mime
View raw message