Re: Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Oct 17, 2019 at 2:06 AM Marian Ion <m.ion@xxxxxxxxxxx> wrote:

Yes, that's why I set "SSLStrictSNIVHostCheck On" -> according to the
documentation "If set to on in the default name-based virtual host,
clients that are SNI unaware will not be allowed to access any virtual
host".
I set it in the default virtual host and in my "second.server" (that is
supposed to be TLS 1.3 only) but it didn't change the behaviour (i.e.
second.server still accepts TLS 1.2 requests...)

TLS revision describes the handshake protocol. Either the listener accepts
TLS 1.2 handshakes, or it does not, it won't look at SNI until the handshake
is in flight with the respective TLS handshake.

This points out the possibility of multi-homing the box with one IP which
accepts TLS 1.2+ and a different IP listening with TLS 1.3 only.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux