ssl_protocols per server and SNI
Frank Liu
gfrankliu at gmail.com
Tue Apr 17 00:07:48 UTC 2018
Looks like OpenSSL 1.1.1 finally fixed this (
https://github.com/openssl/openssl/issues/4301) and added early callback
(new in OpenSSL 1.1.1), which allows the application to switch SSL_CTXes
*before* TLS version negotiation.
Hopefully nginx 1.15 milestone will be able to take advantage of this.
Thanks!
Frank
On Mon, Apr 16, 2018 at 4:23 PM, Frank Liu <gfrankliu at gmail.com> wrote:
> This topic has been discussed in the past. eg: 3 years ago @
> http://mailman.nginx.org/pipermail/nginx/2014-November/045738.html and
> nginx couldn't fix it due to OpenSSL.
> Has anything changed since then, with newer versions of OpenSSL?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180416/ef018fc5/attachment.html>
More information about the nginx
mailing list