I have two different domains - thisdomain.com and portal.thisdomain.com. But only one public-facing IP address.
Each domain has its own SSL certificate, but they share the same intermediate CA.
Using the same IP address (and NGINX HTTP server has SNI support), I wanted to offer a different set of TLSv1.2-only cipher/hash/MAC for a different part of the website URL.
Is NGINX able to support a different set of cipher/hash/MAC across:
- different subdomain of the same domain?
or/and
- different URL subdirectory of the same domain?
while using the same IP address?
In the example of different domain, is https://portal.thisdomain.com/ capable of having its own cipher/hash/MAC set over https://thisdomain.com?
In the example of different URL subdirectory, is https://thisdomain.com/portal capable of having its own cipher/hash/MAC set over https://thisdomain.com/?
The majority of your question is answered here: define ssl_ciphers in nginx for each vhost
If your two sites are defined as different vhosts, then you can specify different ciphers for each one.
However, no, you absolutely cannot have sub-directories using different ciphers, as TLS has already been negotiated before the rest of the HTTP request (that includes the path) can be inspected.
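The point about negotiation order, shown as an added example that is not part of the original answer: the script below generates a ClientHello offline with Python's `ssl` module and parses the fields a server has in hand when it must pick a cipher. The function names are hypothetical; the hostnames are the ones from the question.

```python
import ssl
import struct

def client_hello(hostname):
    """Return the first flight a local TLS client would send (generated offline, no network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the client is now waiting for the ServerHello
    return outgoing.read()

def parse_client_hello(record):
    """Extract what the server sees at cipher-selection time: SNI and offered suites."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                    # session id
    (n,) = struct.unpack_from("!H", record, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]                    # compression methods
    (ext_total,) = struct.unpack_from("!H", record, pos)
    pos, end, sni = pos + 2, pos + 2 + ext_total, None
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        if ext_type == 0:                     # server_name extension
            # layout: list length (2), name type (1), name length (2), name
            (name_len,) = struct.unpack_from("!H", record, pos + 7)
            sni = record[pos + 9:pos + 9 + name_len].decode("ascii")
        pos += 4 + ext_len
    return sni, suites

if __name__ == "__main__":
    hello = client_hello("portal.thisdomain.com")
    sni, suites = parse_client_hello(hello)
    print("SNI visible to the server:", sni)
    print("cipher suites offered:", [hex(s) for s in suites])
    # The URL path is sent later, inside the encrypted HTTP request.
    print("path present in ClientHello:", b"/portal" in hello)
```

The hostname is the only request-specific selector in the handshake, which is why a per-vhost cipher list is possible and a per-path one is not.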