Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#785 closed defect

SPDY not supporting domain sharding

Reported by: steve.exley.mayden.co.uk@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.8.x
Keywords: Cc: steve.exley@…
uname -a: Linux node1 2.6.32-573.3.1.el6.x86_64 #1 SMP Mon Aug 10 09:44:54 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.8.0 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_spdy_module

Description

When using multiple domains on the same ip & ssl certificate. Nginx does not support the client switching domains on the same SPDY session. Tested in 1.8.0

Server block looks like:

server {
    listen       443 ssl spdy;
    server_name  *.domain.com;
    ssl_certificate wildcarddomain.crt;
    ...

If the client visits a.domain.com and then b.domain.com on the same IP using spdy, they get a HTTP 400 response.

The log file records:

"client attempted to request the server name different from that one was negotiated while processing SPDY"

When using ssl instead of spdy. There is no issue.

The error message comes from ngx_http_request.c, the code in 1.9.4 appears the same so this issue may persist with the switch to HTTP2.

Change History (2)

comment:1 Changed 3 years ago by vbart

  • Status changed from new to closed

It works well unless you have the "ssl_verify_client" directive enabled. In that case the client is verified in a particular virtual server and isn't allowed to request other servers.

comment:2 Changed 3 years ago by steve.exley.mayden.co.uk@…

Makes sense now. Thanks for the quick response.

Note: See TracTickets for help on using tickets.