Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 6EF9C2009F9 for ; Mon, 23 May 2016 15:39:39 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6DA721609A8; Mon, 23 May 2016 13:39:39 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B66CC1602C5 for ; Mon, 23 May 2016 15:39:38 +0200 (CEST) Received: (qmail 92402 invoked by uid 500); 23 May 2016 13:39:37 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 92392 invoked by uid 99); 23 May 2016 13:39:37 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 May 2016 13:39:37 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 9F089C0713 for ; Mon, 23 May 2016 13:39:36 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.821 X-Spam-Level: X-Spam-Status: No, score=-0.821 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id MFqO2qINa2UL for ; Mon, 23 May 2016 13:39:34 +0000 (UTC) Received: from mail-qk0-f196.google.com (mail-qk0-f196.google.com [209.85.220.196]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 0BB7E5F3F5 for ; Mon, 23 May 2016 13:39:34 +0000 (UTC) Received: by mail-qk0-f196.google.com with SMTP id i7so18155124qkd.1 for ; Mon, 23 May 2016 06:39:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=zp83mB9sNTCf2CDXuwkGQpgoWC9qGLpuKKU+QUG/sq8=; b=jZBd49Wxce8vX1kca/rWvufET3WMZKuX/zGmgsfVtP2so96KOMgqwyThMFVUeWboqN QslbayvS2GadG2TeGRDG+gIMS9ahmzWmyOnzzvOBSy+Oovi4gce5nmJ/ugDR/1dX8358 w6ub03kCq42RzfDAT9l5sh1p9K6t0wjQ/Jxj2Df4U9/mVVAUKjOSUCw6Pj6pkkKqkNyl 0XRNuhnCieuHZkCH7aFd2aQGAovb10rm5n9IvUdXCtAfXkknnllEAbzKCZMPLZVN1AST ZrF5LEUmIMzZjIxh0VdyswZ5MBiJh0T849gNGgNp3Kcl8ytmpXVmhmM5HhAPwKLlSbuu chfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=zp83mB9sNTCf2CDXuwkGQpgoWC9qGLpuKKU+QUG/sq8=; b=QKNLEfrnRwOaJ7PVS31Hk5yfWRd37xURN9ol5wlEwCAjh+3jSXVG+fjedslSyef/4L JQOXdcrRYos7UeMKVOpzXGv6m/vOO9xz39+xdOdx9cjrNe8dxBbR6oxozKSctXETH8Xs n/CbtkKWLEDBI/Gh5+5km5ut9fV4DVDI7RGtMds28/5KGNBu8YHUVCQ/XPviRqwMKTiJ 9BXwCgei4Txo4zwWzBQhVVnsAG55QrYU0Gtqin0zbPrLF9isE+8knPS6z6UUwK93ENEt tDpm3t2XTl+5ANikPR/yElSWbanRQCywgHEJR4vsrEEczO9fmco/vDsORbwParnGNQMm rhDA== X-Gm-Message-State: AOPr4FVpBLEJSc0mbksLDoVKNwgyWii1ZTcwpCP0TsUAuX1qig2qJdqWiIl563pJudF7vmjwRNcUR4OHn0EX6A== MIME-Version: 1.0 X-Received: by 10.55.20.13 with SMTP id e13mr15805179qkh.180.1464010767352; Mon, 23 May 2016 06:39:27 -0700 (PDT) Received: by 10.237.51.100 with HTTP; Mon, 23 May 2016 06:39:27 -0700 (PDT) In-Reply-To: References: Date: Mon, 23 May 2016 09:39:27 -0400 Message-ID: From: Eric Covener To: users@httpd.apache.org Content-Type: text/plain; charset=UTF-8 Subject: Re: [users@httpd] TLS 1.1 and 1.2 and SNI support archived-at: Mon, 23 May 2016 13:39:39 -0000 On Mon, May 23, 2016 at 9:36 AM, linux.il wrote: > As far as I see from my experiments (Apache 2.4.6 on RHEL7) and users > reports, SNI needs TLS 1.0 and doesn't work with TLS1.1/1.2. > This behavior seems me really weird; unfortunately I couldn't find any > explanation for it. > My question is: did I miss something? Is there any way to use SNI w/o > TLSv1? > We want to disable TLS 1.0, but don't want to lost SNI functionality. > > URLs: > - https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI "The first > (default) vhost for SSL name-based virtual hosts must include TLSv1 as a > permitted protocol" > - > http://serverfault.com/questions/700143/does-sni-really-require-tlsv1-insecure > > TIA, > Vitaly > PS: I understand that my question is not 100% on-topic but I hope it's close > enough. All of those references are contrasting TLSv1 with SSLv3, not with TLSv1.2. SNI works fine with TLSv1.0 _and later_ -- Eric Covener covener@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org