Re: Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

As suggested in the wiki, did you set the below during your tests? Let us know your findings.

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443
# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

Thanks,
Anil

On Oct 17, 2019, at 9:50 AM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:

On Thu, Oct 17, 2019 at 2:06 AM Marian Ion <m.ion@xxxxxxxxxxx> wrote:

Yes, that's why I set "SSLStrictSNIVHostCheck On" -> according to the
documentation "If set to on in the default name-based virtual host,
clients that are SNI unaware will not be allowed to access any virtual
host".
I set it in the default virtual host and in my "second.server" (that is
supposed to be TLS 1.3 only) but it didn't change the behaviour (i.e.
second.server still accepts TLS 1.2 requests...)

TLS revision describes the handshake protocol. Either the listener accepts
TLS 1.2 handshakes or it does not; it won't look at SNI until the handshake
is in flight with the respective TLS handshake.

This points out the possibility of multi-homing the box with one IP which
accepts TLS 1.2+ and a different IP listening with TLS 1.3 only.


