Nginx: SNI doesn’t work for server_name with multiple arguments

nginxsnissl

With this Nginx config:

server {

    listen 443 ssl;
    server_name www.x.nl x.nl;

    ssl_certificate /etc/nginx/ssl/x.nl.crtkeyca;
    ssl_certificate_key /etc/nginx/ssl/x.nl.crtkeyca;

    [...]

}

This works:

openssl s_client -servername www.x.nl -connect localhost:443 < /dev/null

This doesn't, as I get the default vhost CN:

openssl s_client -servername x.nl -connect localhost:443 < /dev/null

Am using stock Nginx from Ubuntu 12.04 LTS, unfortunately very old (1.1.19).

Is it supposed to work in newer versions or do I require to duplicate my server {} definitions?

Best Answer

I had same issue with Nginx 1.8.0.

In my case, this issue fixes setup different name in ssl_session_cache (see "???"):

ssl_session_cache shared:SSL_???:10m;

Related Solutions

Nginx has ssl module, but thinks it doesn’t

You are missing the SSL on directive.

http://wiki.nginx.org/HttpSslModule

Using Nginx with SNI – Configuration Guide

If your version of nginx shows TLS SNI support when you do nginx -V then you're ready to go.

If you want to run your server without regard to the IP address, then don't use an IP address in the SSL web server's listen directives to use SNI for that virtual host.

For instance, change:

listen 198.51.100.206:443 ssl;

to:

listen 443 ssl;

Even if you do use an IP address, SNI will be used anyway, for all servers which are listening on the same IP address.

Best Answer

Related Solutions

Nginx has ssl module, but thinks it doesn’t

Using Nginx with SNI – Configuration Guide

Related Topic