Re: TLS 1.1 and 1.2 and SNI support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 23, 2016 at 5:16 PM, Eric Covener <covener@xxxxxxxxx> wrote:
> For some reason if I add "-TLSv1" to SSLProtocol directive in my default
> SSL vhost, SNI isn't working anymore:
>
>  "SSLProtocol             All -SSLv2 -SSLv3 -TLSv1"
>

What protocol is used? Does the client send the SNI extension?

I'm using  the same "curl" and "wget" for testing. As far as I disable TLS v1.0, I get "curl: (35) SSL connect error" and 
"ERROR: certificate common name “mydefault-ssl-vhost-name” doesn’t match requested host name “my-vhost-name”" 
in wget.
BTW, similar issue reported here http://serverfault.com/questions/700143/does-sni-really-require-tlsv1-insecure 
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux