According to <https://cwiki.apache.org/confluence/display/HTTPD/NameBasedSSLVHostsWithSNI> "With SNI, you can have many virtual hosts sharing the same IP address and port, and each one can have its own unique certificate (and the rest of the configuration)." So, using Apache 2.4.41 on a Debian Buster with OpenSSL/1.1.1d I have - in ssl.conf: SSLStrictSNIVHostCheck On - in virtual hosts files I have something like <VirtualHost *:443> ServerName first.server.on.my.domain SSLProtocol -all +TLSv1.2 +TLSv1.3 </virtualHost> <VirtualHost *:443> ServerName second.server.on.my.domain SSLProtocol -all +TLSv1.3 </virtualHost> For both I use wildcard certificates for *server.on.my.domain; what I would like is to have the second server responding to TLS 1.3 only - however, it seems that the configuration of the first virtual host prevails! Is it possible to do what I am looking for? if yes, what am I doing wrong? Marian Ion --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|