I was hoping that there would be a configuration option on nginx to either:<div>1) give a 403 error - or whatever error is best fit - when it detects non-SNI SSL handshake; or</div><div>2) redirect non-SNI SSL handshake traffic to a different virtual server.<br>
<div><br></div><div>Is this list the best place to suggest nginx features?</div><div><br></div><div><br><div class="gmail_quote">On Wed, Jul 14, 2010 at 4:30 AM, Igor Sysoev <span dir="ltr"><<a href="mailto:igor@sysoev.ru">igor@sysoev.ru</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div></div><div class="h5">On Tue, Jul 13, 2010 at 04:58:16PM -0300, Tiago Freire wrote:<br>
<br>
> Hi,<br>
><br>
> I have heard about nginx before, and I am now considering to use it for<br>
> several reasons, perfomance is one of them.<br>
><br>
> I have to put several servers with EV certificates behind a single IP<br>
> though, and I noticed nginx supports SNI.<br>
><br>
> I know that not all browsers support SNI, but we are developing web<br>
> applications where we can give ourselves the luxury of being a bit picky<br>
> about browser support.<br>
><br>
> What was not clear in the documentation was: does enabling SNI support<br>
> forces all connections to be SNI, or old browsers will still 'work'?<br>
> I understood that old browsers would only be able to go to the default<br>
> server.<br>
><br>
> If running with SNI still accepts old browsers, is there a configuration<br>
> option to force SNI-only connections?<br>
><br>
> Otherwise, is there any way to segregate SNI and non-SNI connections and<br>
> send them to different servers?<br>
<br>
</div></div>Regardless of server SNI support, old browsers get always certificate<br>
of default server and they complain if a server name does not match<br>
a certificate's server name. Theoretically after this you may redirect<br>
them to an other server, but it's too late from user point of view.<br>
<font color="#888888"><br>
<br>
--<br>
Igor Sysoev<br>
<a href="http://sysoev.ru/en/" target="_blank">http://sysoev.ru/en/</a><br>
</font><div><div></div><div class="h5"><br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://nginx.org/mailman/listinfo/nginx" target="_blank">http://nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-----<br>Tiago Mikhael Pastorello Freire a.k.a. Brazilian Joe<br>
</div></div>