[Solved] TLS key per SNI dropped in 1.4.68 (=> spurious trace)

Hi,

I see that support for separate TLS keys (aka ssl.pemfile) have been changed in 1.4.68 to now only be set per $SERVER["socket"] and thus it is no longer possible to have separate TLS keys per SNI host, aka per $SERVER["socket"]. Does this solve something important in Lighttpd or is it something that might be possible to reverse?

I happen to use this quite extensively and AFAIK it should be a useful feature for other people as well. Basically this removes SNI support in lighttpd, unless I have missed something (which is very likely).

Replies (2)

RE: TLS key per SNI dropped in 1.4.68 - Added by gstrauss over 1 year ago

The warning trace from lighttpd is unfortunate and wrong. There is a patch in #3182 which will be part of the next lighttpd release.
Per-vhost ssl.pemfile is still supported. Please double-check that things still work for you and please report here if that is not the case.

RE: TLS key per SNI dropped in 1.4.68 - Added by HenrikHolst over 1 year ago

Ah, great to hear!

(1-2/2)

Project

General

Profile

Lighttpd