ssl_protocols & SNI
mdounin at mdounin.ru
Mon Feb 13 00:32:22 UTC 2017
On Fri, Feb 10, 2017 at 03:18:14PM -0800, Frank Liu wrote:
> Thanks for explaining why overloading ssl_protocols won't work. Since the
> problem is with how OpenSSL works, will it work if we use other openssl
> alternatives? I see people reporting boringssl and libressl work fine with
> nginx. Does nginx still need to be modified to support overloading
> ssl_protocols or is it just a matter of library switch?
I doubt there is a difference, as both are OpenSSL forks. And
such a support will seriously complicate the code with no obvious
benefits. Though I've never tested nor looked into the current
sources of these libraries for this particular aspect.
Either way, if it is implemented by the library, it's highly
unlikely that any changes in nginx will be needed. It already does
all it can do.
More information about the nginx