Mercurial > hg > nginx-site
diff xml/en/docs/http/configuring_https_servers.xml @ 661:e1579b244800
SNI: expressed more clearly that passing of literal IP addresses in
an SNI is prohibited by RFC, and that one should not rely on a few
misbehaving browsers, notably Safari (both desktop and mobile).
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 30 Aug 2012 09:43:14 +0000 |
parents | ba45bd0fc71e |
children | 2ceaef0e84a1 |
line wrap: on
line diff
--- a/xml/en/docs/http/configuring_https_servers.xml Tue Aug 28 09:59:56 2012 +0000 +++ b/xml/en/docs/http/configuring_https_servers.xml Thu Aug 30 09:43:14 2012 +0000 @@ -8,7 +8,7 @@ <article name="Configuring HTTPS servers" link="/en/docs/http/configuring_https_servers.html" lang="en" - rev="2" + rev="3" author="Igor Sysoev" editor="Brian Mercer"> @@ -365,8 +365,8 @@ <para> A more generic solution for running several HTTPS servers on a single IP address is -<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLSv1.1 -Server Name Indication extension</link> (SNI, RFC3546), +<link url="http://en.wikipedia.org/wiki/Server_Name_Indication">TLS +Server Name Indication extension</link> (SNI, RFC 6066), which allows a browser to pass a requested server name during the SSL handshake and, therefore, the server will know which certificate it should use for the connection. @@ -399,8 +399,10 @@ </list> <note> -If a server is accessed by an IP address, most browsers will -not pass it as a server name during the SSL handshake. +Only domain names can be passed in SNI, +however some browsers may erroneously pass an IP address of the server +as its name if a request includes literal IP address. +One should not rely on this. </note> </para>