author: Rob Crittenden <rcritten@redhat.com> 2015-09-24 17:13:20 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2015-10-02 16:51:56 -0400
commit: 00fe09480dfd28674661830d8a045e0f560bbe51
tree: f13ebc99b09ee029ddbc75bba74aa60cb3e9dc66 /docs/mod_nss.html
parent: ea7584f67ef0e522254c3806cc0356e89594c711
Add support for Server Name Indication (SNI)
Uses a hash table to pair up server names and nicknames and a lookup is done during the handshake to determine which nickname to be used, and therefore which VirtualHost. Based heavily on patch from Stanislav Tokos <stokos@suse.de>
Diffstat (limited to 'docs/mod_nss.html')
-rw-r--r-- docs/mod_nss.html 28
1 files changed, 27 insertions, 1 deletions
diff --git a/docs/mod_nss.html b/docs/mod_nss.html
index 19d8fef..f073978 100644
--- a/docs/mod_nss.html
+++ b/docs/mod_nss.html
@@ -184,7 +184,9 @@ following line to httpd.conf (location relative to httpd.conf):<br>
</code><br>
This has Apache load the mod_nss configuration file, <code>nss.conf</code>.
It is here that you will setup your VirtualServer entries to and
-configure your SSL servers.<br>
+configure your SSL servers. If you have a certificate with Subject
+Alternative Names then you can configure separate VirtualServer entries
+for eacon one.<br>
<h1><a name="Generation"></a>Certificate Generation</h1>
A ksh script, <code>gencert</code>, is included to automatically
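Review bot: The added line "+for eacon one." has a typo and should read "for each one." The new sentence also says "VirtualServer entries", while the NSSSNI and NSSStrictSNIVHostCheck text added later in this patch, and the commit message, say "VirtualHost"; using VirtualHost here keeps the terminology consistent. Since separate entries per Subject Alternative Name only work when the server selects by SNI, a pointer from this sentence to the NSSSNI directive would help readers find the setting that controls it.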
@@ -1057,6 +1059,30 @@ If set to 0 then no buffering is done.
<code>NSSRenegBufferSize 262144<br>
</code><br>
<br>
+<big><big>NSSSNI</big></big><br>
+<br>
+Enables or disables Server Name Identification (SNI) extension check for
+TLS. This option is enabled by default. To disable SNI, set this to off
+in the default name-based VirtualHost.
+<br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSSNI off</code><br>
+<br>
+<big><big>NSSStrictSNIVHostCheck</big></big><br>
+<br>
+Configures whether a non-SNI client is allowed to access a name-based
+VirtualHost. If set to on in the default name-based VirtualHost
+then clients that are SNI unaware cannot access any virtual host. If set
+to on in any other VirtualHost then SNI unaware clients cannot access
+this particular virtual host.
+<br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSStrictSNIVHostCheck off</code><br>
+<br>
<big><big>NSSProxyEngine</big></big><br>
<br>
Enables or disables mod_nss HTTPS support for mod_proxy.<br>
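Review bot: The NSSSNI description expands SNI as "Server Name Identification"; the extension is Server Name Indication, as the commit subject has it. In the NSSStrictSNIVHostCheck entry no default is stated, unlike NSSSNI ("This option is enabled by default"), and the example shows "NSSStrictSNIVHostCheck off" without saying whether that is the default, so state it explicitly. The entry should also say what a non-SNI client receives when the check is off (which VirtualHost and certificate it is served), because that is what an administrator needs to know before deciding whether to turn strict checking on.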