Hello!

On Fri, Mar 28, 2014 at 02:53:18PM +0000, Jonathan Matthews wrote:

> On 28 March 2014 14:31, Ben Johnson <[email protected]> wrote:
> > Is there any way to avoid this certificate being presented, but still
> > return the 444 response under the conditions I've described?
>
> I'd /suspect/ not, as the 444 response can't be "delivered" (i.e. the
> connection closed) until sufficient information has been passed over
> the already-SSL-secured connection. In other words, the cert *has* to
> be used to secure the channel over which the HTTP request will be
> made, and only after it's been made can the correct server{} block be
> chosen and the response delivered - even if the response is simply to
> close the connection.

If SNI is used, it's in theory possible to close a connection early
(during an SSL handshake, after ClientHello but before sending
anything). The following tickets in trac are related:

http://trac.nginx.org/nginx/ticket/195
http://trac.nginx.org/nginx/ticket/214

-- 
Maxim Dounin
http://nginx.org/
