-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move nginx ssl_protocols directive outside of server context into new parent http context #141
Comments
Thanks @gene1wood! I have moved in
Furthermore, as I have at least one self-signed TLS certificate, I prefer to keep the OCSP configuration within the
At least And read some interesting comment: #124 (comment). |
Nginx support both the Ngixn documentation is not complete reference for all use cases, more information about correct nginx configuration located in nginx trac and nginx maillists.
No! This is not true. In different IP-based (or port-based) virtual servers are quite possible use different ssl_protocols. You tries to set different ssl_protocols in name-based virtual
Yes, this is my comment with detailed explain how ssl directives work in the nginx. I copy text of that my message here: This is not nginx bugs. Bugs are in your configuration and expectations.
More about this is here: https://trac.nginx.org/nginx/ticket/676 This and other nuances of applying configuration for name-based http://nginx.org/en/docs/http/server_names.html#virtual_server_selection
|
Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.
Currently the nginx template doesn't assert an
http
context and just containsserver
contexts.In the template's
server
context we assertssl_protocols
As mentioned in #76 the
ssl_protocols
directive is not actually specific to each vhost. According to https://trac.nginx.org/nginx/ticket/844So for clarity (that the
ssl_protocols
is not per vhost) how about we move it out of theserver
context and into a parenthttp
context?We see someone encountering this problem in #140
The text was updated successfully, but these errors were encountered: