Mercurial > hg > nginx-site

diff xml/en/docs/http/configuring_https_servers.xml @ 661:e1579b244800

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SNI: expressed more clearly that passing of literal IP addresses in an SNI is prohibited by RFC, and that one should not rely on a few misbehaving browsers, notably Safari (both desktop and mobile).
author Ruslan Ermilov <ru@nginx.com>
date Thu, 30 Aug 2012 09:43:14 +0000
parents ba45bd0fc71e
children 2ceaef0e84a1
line wrap: on
line diff
--- a/xml/en/docs/http/configuring_https_servers.xml	Tue Aug 28 09:59:56 2012 +0000
+++ b/xml/en/docs/http/configuring_https_servers.xml	Thu Aug 30 09:43:14 2012 +0000
@@ -8,7 +8,7 @@
 <article name="Configuring HTTPS servers"
          link="/en/docs/http/configuring_https_servers.html"
          lang="en"
-         rev="2"
+         rev="3"
          author="Igor Sysoev"
          editor="Brian Mercer">
 
@@ -365,8 +365,8 @@
 <para>
 A more generic solution for running several HTTPS servers on a single
 IP address is
-<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLSv1.1
-Server Name Indication extension</link> (SNI, RFC3546),
+<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS
+Server Name Indication extension</link> (SNI, RFC 6066),
 which allows a browser to pass a requested server name during the SSL handshake
 and, therefore, the server will know which certificate it should use
 for the connection.
@@ -399,8 +399,10 @@
 
 </list>
 <note>
-If a server is accessed by an IP address, most browsers will
-not pass it as a server name during the SSL handshake.
+Only domain names can be passed in SNI,
+however some browsers may erroneously pass an IP address of the server
+as its name if a request includes literal IP address.
+One should not rely on this.
 </note>
 </para>