This is obviously possible for entirely different domains, but if you try the following...
    server {
        listen 443 spdy ssl;
        keepalive_timeout 70;
        server_name example.co.uk;
        client_max_body_size 10M;
        ssl_certificate /path/to/ssl.crt;
        ssl_certificate_key /path/to/ssl.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ...
    }
    server {
        listen 443 spdy ssl;
        keepalive_timeout 70;
        server_name weak.example.co.uk;
        client_max_body_size 10M;
        ssl_certificate /path/to/weakssl.crt;
        ssl_certificate_key /path/to/weakssl.key;
        ssl_protocols SSLv3;
        ...
    }
... and visit the weak.example.co.uk domain, it uses the ciphers & cert from the correct block, but just the protocols from the first block.
Any advice would be much appreciated.
Thanks.
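
Added example, not part of the original post: a small Python lint that flags server blocks whose ssl_protocols differs from the default server on the same listen socket, which is the situation where the behaviour reported above leaves the block's own setting unused. It assumes flat server blocks (no nested braces, no comments) and compares listen values as literal strings; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample mirroring the two server blocks in the post
# (the elided "..." directives are left out).
SAMPLE = """
server {
    listen 443 spdy ssl;
    server_name example.co.uk;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 spdy ssl;
    server_name weak.example.co.uk;
    ssl_protocols SSLv3;
}
"""

def parse_servers(conf):
    """Return one dict per flat server { ... } block (assumption: no nesting)."""
    servers = []
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        d = {"listen": [], "names": [], "protocols": None, "default": False}
        for stmt in body.split(";"):
            words = stmt.split() or [""]
            key, args = words[0], words[1:]
            if key == "listen" and args:
                d["listen"].append(args[0])  # literal value, not normalised
                d["default"] |= "default_server" in args
            elif key == "server_name":
                d["names"] += args
            elif key == "ssl_protocols":
                d["protocols"] = frozenset(args)
        servers.append(d)
    return servers

def shadowed_protocols(conf):
    """List (name, listen, declared, default_server_protocols) mismatches."""
    servers = parse_servers(conf)
    findings = []
    for sock in sorted({l for s in servers for l in s["listen"]}):
        group = [s for s in servers if sock in s["listen"]]
        # nginx: an explicit default_server wins, otherwise the first block.
        default = next((s for s in group if s["default"]), group[0])
        for s in group:
            if s is not default and s["protocols"] not in (None, default["protocols"]):
                # An empty last element means the default server sets no ssl_protocols.
                findings.append((s["names"][0] if s["names"] else "", sock,
                                 sorted(s["protocols"]), sorted(default["protocols"] or [])))
    return findings
```

Calling shadowed_protocols(SAMPLE) reports weak.example.co.uk as declaring SSLv3 while the default server on port 443 declares TLSv1, TLSv1.1 and TLSv1.2.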