On Mon, May 23, 2016 at 9:36 AM, linux.il <linux.il@xxxxxxxxx> wrote: > As far as I see from my experiments (Apache 2.4.6 on RHEL7) and users > reports, SNI needs TLS 1.0 and doesn't work with TLS1.1/1.2. > This behavior seems me really weird; unfortunately I couldn't find any > explanation for it. > My question is: did I miss something? Is there any way to use SNI w/o > TLSv1? > We want to disable TLS 1.0, but don't want to lost SNI functionality. > > URLs: > - https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI "The first > (default) vhost for SSL name-based virtual hosts must include TLSv1 as a > permitted protocol" > - > http://serverfault.com/questions/700143/does-sni-really-require-tlsv1-insecure > > TIA, > Vitaly > PS: I understand that my question is not 100% on-topic but I hope it's close > enough. All of those references are contrasting TLSv1 with SSLv3, not with TLSv1.2. SNI works fine with TLSv1.0 _and later_ -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx