Project

General

Profile

[Solved] TLS key per SNI dropped in 1.4.68 (=> spurious trace)

Added by HenrikHolst 22 days ago

Hi,

I see that support for separate TLS keys (aka ssl.pemfile) have been changed in 1.4.68 to now only be set per $SERVER["socket"] and thus it is no longer possible to have separate TLS keys per SNI host, aka per $SERVER["socket"]. Does this solve something important in Lighttpd or is it something that might be possible to reverse?

I happen to use this quite extensively and AFAIK it should be a useful feature for other people as well. Basically this removes SNI support in lighttpd, unless I have missed something (which is very likely).


Replies (2)

RE: TLS key per SNI dropped in 1.4.68 - Added by gstrauss 22 days ago

The warning trace from lighttpd is unfortunate and wrong. There is a patch in #3182 which will be part of the next lighttpd release.
Per-vhost ssl.pemfile is still supported. Please double-check that things still work for you and please report here if that is not the case.

RE: TLS key per SNI dropped in 1.4.68 - Added by HenrikHolst 22 days ago

Ah, great to hear!

    (1-2/2)