Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 661:e1579b244800
SNI: expressed more clearly that passing of literal IP addresses in
an SNI is prohibited by RFC, and that one should not rely on a few
misbehaving browsers, notably Safari (both desktop and mobile).
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 30 Aug 2012 09:43:14 +0000 |
parents | ba45bd0fc71e |
children | 2ceaef0e84a1 |
comparison
equal
deleted
inserted
replaced
660:ba45bd0fc71e | 661:e1579b244800 |
---|---|
6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> | 6 <!DOCTYPE article SYSTEM "../../../../dtd/article.dtd"> |
7 | 7 |
8 <article name="Configuring HTTPS servers" | 8 <article name="Configuring HTTPS servers" |
9 link="/en/docs/http/configuring_https_servers.html" | 9 link="/en/docs/http/configuring_https_servers.html" |
10 lang="en" | 10 lang="en" |
11 rev="2" | 11 rev="3" |
12 author="Igor Sysoev" | 12 author="Igor Sysoev" |
13 editor="Brian Mercer"> | 13 editor="Brian Mercer"> |
14 | 14 |
15 <section> | 15 <section> |
16 | 16 |
363 <section id="sni" name="Server Name Indication"> | 363 <section id="sni" name="Server Name Indication"> |
364 | 364 |
365 <para> | 365 <para> |
366 A more generic solution for running several HTTPS servers on a single | 366 A more generic solution for running several HTTPS servers on a single |
367 IP address is | 367 IP address is |
368 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLSv1.1 | 368 <link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS |
369 Server Name Indication extension</link> (SNI, RFC3546), | 369 Server Name Indication extension</link> (SNI, RFC 6066), |
370 which allows a browser to pass a requested server name during the SSL handshake | 370 which allows a browser to pass a requested server name during the SSL handshake |
371 and, therefore, the server will know which certificate it should use | 371 and, therefore, the server will know which certificate it should use |
372 for the connection. | 372 for the connection. |
373 However, SNI has limited browser support. | 373 However, SNI has limited browser support. |
374 Currently it is supported starting with the following browsers versions: | 374 Currently it is supported starting with the following browsers versions: |
397 and Chrome (Windows version supports SNI on Vista or higher, too). | 397 and Chrome (Windows version supports SNI on Vista or higher, too). |
398 </listitem> | 398 </listitem> |
399 | 399 |
400 </list> | 400 </list> |
401 <note> | 401 <note> |
402 If a server is accessed by an IP address, most browsers will | 402 Only domain names can be passed in SNI, |
403 not pass it as a server name during the SSL handshake. | 403 however some browsers may erroneously pass an IP address of the server |
404 as its name if a request includes literal IP address. | |
405 One should not rely on this. | |
404 </note> | 406 </note> |
405 </para> | 407 </para> |
406 | 408 |
407 <para> | 409 <para> |
408 In order to use SNI in nginx, it must be supported in both the | 410 In order to use SNI in nginx, it must be supported in both the |