Opened 5 years ago
Closed 5 years ago
#1968 closed defect (duplicate)
Cannot use different SSL protocols in different server blocks
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | 1.17.x |
Keywords: | ssl_protocols | Cc: | jr3074@… |
uname -a: | Linux buster 5.4.0-28-generic #32-Ubuntu SMP Wed Apr 22 17:40:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.17.10 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-Pmk9_C/nginx-1.17.10=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module |
Description
Nginx cannot use different ssl_protocols in different server blocks (different domains).
i activate default_server to handle ip address https://xxx.xxx.xxx.xxx
configuration file sites-enabled/default
server { listen 80 default_server; listen 443 ssl default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; }
configuration file of domain.com
server { listen 443 ssl; ssl_protocols TLSv1.3; root /var/www/domain.com; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name domain.com; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot #key ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot }
while opening https://xxx.xxx.xxx.xxx it is using ssl protocol 1.2.
while opening https://domain.com it is still using ssl protocol 1.2.
but when i add configuration ssl_protocols TLSv1.3; on sites-enabled/default
both https://xxx.xxx.xxx.xxx and https://domain.com using protocol 1.3
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Duplicate of #676.