Custom Query (2297 matches)

I configured Nginx for two TLS virtualhost 'example.one' and 'example.two' with two different certficates.

I need to setup TLS1.0+ for the first one and only TLS1.2 for the second one. However the second one (example.two) configuration ignores ssl_protocols directive and takes ssl_procolols from first server directive.

So both server directive uses the first configured ssl_protocols directive.

server {
    listen          443 default_server ssl spdy;
    server_name     example.one;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_certificate         /certs/cert-for-example.one.pem;
    ssl_certificate_key     /certs/privkey-for-example.one.pem;


    # another ssl_* directives ...
}

server {
    listen          443 ssl spdy;
    server_name     example.two;

    ssl_protocols TLSv1.2;

    ssl_certificate         /certs/cert-for-example.two.pem;
    ssl_certificate_key     /certs/privkey-for-example.two.pem;

    # another ssl_* directives ...
}

I don't want to use SSL3 so the TLS SNI should work fine and I believe Nginx can decide which ssl_protocols directive to use based on server name provided in client Hello packet.

The documentation for the directive limit_req_log_level[1] is:

Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Logging level for delays is one point less than for refusals; for example, if “limit_req_log_level notice” is specified, delays are logged with the info level.

but it should be:

... for example, if “limit_req_log_level info” is specified, delays are logged with the debug level.

[1] ​http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_log_level

The aforementioned functions are ​widely ​used, but since changeset ​a72886067bbb, they are no longer publicly available, leading to compilation error. This patch address that issue by sharing the two functions.