On 8/6/12 3:52 AM, Jan-Frode Myklebust wrote:
On Mon, Aug 06, 2012 at 09:20:51AM -0000, Igor Galić wrote:
Ref: https://issues.apache.org/jira/browse/TS-1392
It seems like ATS v3.2.0 requires a Server Name Indication (SNI) to
do
SSL termination. We use wildcard certs, and don't need/want SNI, so
is
there some way to turn off SNI to get broader client support for our
services?
You would have to specify each IP as dest_ip
I have specified dest_ip in ssl_multicert.conf:
Hmmm, that would be bad. I'm guessing we never tested a browser without
SNI support :). How would I even do that, other than running IE on
Windows XP? Is there a way to turn off SNI on the browser side?
This is a pretty serious bug, if it's the case (we definitely do *not*
require SNI, intentionally).
Cheers,
-- leif
