On Mon, May 23, 2016 at 5:16 PM, Eric Covener <cove...@gmail.com> wrote:

> > For some reason if I add "-TLSv1" to SSLProtocol directive in my default
> > SSL vhost, SNI isn't working anymore:
> >
> >  "SSLProtocol             All -SSLv2 -SSLv3 -TLSv1"
> >
>
> What protocol is used? Does the client send the SNI extension?
>
I'm using the same "curl" and "wget" for testing. As soon as I disable TLS
v1.0, I get "curl: (35) SSL connect error" and
"ERROR: certificate common name “mydefault-ssl-vhost-name” doesn’t match
requested host name “my-vhost-name”"
in wget.
BTW, a similar issue is reported here:
http://serverfault.com/questions/700143/does-sni-really-require-tlsv1-insecure
