id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version
887,nginx skips SNI when determining protocols for SSL negotiation,mqudsi.neosmart.net@…,,"aka ""unexpected downgrade of SSL protocol vulnerability when using SNI""

The nginx documentation for ssl_protocols is pretty clear:

> Context: http, server

Given a (partial) sample nginx configuration like this:

http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    #Default server for port 443 only to handle clients that don't do SNI (and, by extension, SHA2)
    server {
        listen 443 default_server ssl;
        server_name _;
        ssl_protocols SSLv3;
        ssl_certificate /var/data/ssl/selfsigned.crt;
        ssl_certificate_key /var/data/ssl/selfsigned.key;
    }

    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /var/data/ssl/example.com.crt;
        ssl_certificate_key /var/data/ssl/example.com.key;
    }
}

What should happen: A CLIENTHELLO with an SNI server_name extension field with value ""example.com"" should be able to negotiate SSL via the TLSv1/1.1/1.2 protocol, while a client that does not use SNI should wind up with the SSLv3-only

What actually happens: A CLIENTHELLO with an SNI server_name extension field with value ""example.com"" attempting to negotiate a TLSv1 handshake will fail:

$ openssl s_client -msg -servername example.com -connect example.com:443 -tls1
CONNECTED(00000003)
>>> TLS 1.0 Handshake [length 0074], ClientHello
    01 00 00 70 03 01 56 aa d1 b4 d3 17 53 bb 1a bc
    1f aa 50 0c a0 c4 66 11 fb 54 5f d1 7a af b2 8b
    46 bf 39 a0 bc 2c 00 00 2e 00 39 00 38 00 35 00
    16 00 13 00 0a 00 33 00 32 00 2f 00 9a 00 99 00
    96 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00
    08 00 06 00 03 00 ff 01 00 00 19 00 00 00 11 00
    0f 00 00 0c 6e 65 6f 73 6d 61 72 74 2e 6e 65 74
    00 23 00 00
>>> SSL 3.0 Alert [length 0002], fatal handshake_failure
    02 28
21033:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s3_pkt.c:300:",defect,closed,major,,nginx-module,1.9.x,invalid,"ssl, ssl_protocols, sni, server name indication",mqudsi@…,FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64,10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64