By now I’ve not used SNI with nginx yet. But as IP address pools are quite filled and commercial XP support is about to cease (finally) I’m thinking about converting a few sites to SNI.
I’m aware of the general limitations and pitfalls that might come along with SNI (XP issue, very old browsers). But beyond that is there anything I should be aware of?
– nginx related pitfalls when using SNI
– issues/bugs with recent (notable!) browsers
If your version of nginx shows TLS SNI support when you do
nginx -V then you’re ready to go.
If you want to run your
server without regard to the IP address, then don’t use an IP address in the SSL web
listen directives to use SNI for that virtual host.
For instance, change:
listen 198.51.100.206:443 ssl;
listen 443 ssl;
Even if you do use an IP address, SNI will be used anyway, for all
servers which are
listening on the same IP address.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.