[PATCH] RSA+DSA+ECC bundles
piotr at cloudflare.com
Wed Oct 23 21:48:38 UTC 2013
> Just drop the backwards-compatibility and require OpenSSL 1.0.2 or
> later for that feature, just like a particular version of OpenSSL is
> needed for TLS-SNI.
I kind of agree with that.
While OpenSSL-1.0.2 is still unreleased, it seems that all options for
existing releases are a bit hacky, to say at least... The trusted
certificate store sounds like the only way to do it right now, but it
effectively makes SSL client verification useless and creates a
What do you think, Maxim?
More information about the nginx-devel