#785 closed defect
SPDY not supporting domain sharding
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.8.x |
| Keywords: | Cc: | steve.exley@… | |
| uname -a: | Linux node1 2.6.32-573.3.1.el6.x86_64 #1 SMP Mon Aug 10 09:44:54 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_spdy_module |
||
Description
When using multiple domains on the same ip & ssl certificate. Nginx does not support the client switching domains on the same SPDY session. Tested in 1.8.0
Server block looks like:
server {
listen 443 ssl spdy;
server_name *.domain.com;
ssl_certificate wildcarddomain.crt;
...
If the client visits a.domain.com and then b.domain.com on the same IP using spdy, they get a HTTP 400 response.
The log file records:
"client attempted to request the server name different from that one was negotiated while processing SPDY"
When using ssl instead of spdy. There is no issue.
The error message comes from ngx_http_request.c, the code in 1.9.4 appears the same so this issue may persist with the switch to HTTP2.
Note:
See TracTickets
for help on using tickets.
It works well unless you have the "ssl_verify_client" directive enabled. In that case the client is verified in a particular virtual server and isn't allowed to request other servers.