[PATCH] Proxy: add "proxy_ssl_padding" directive
piotr at cloudflare.com
Fri Jul 25 19:06:16 UTC 2014
> And it is also known to cause problems with some other broken
> SSL stacks:
> So it doesn't looks like a good candidate for enabling
> unconditionally, like we do with other workaround options.
Agreed, that's why I added it as an option.
> On the
> other hand, I don't think it worth adding a configuration
> directive to control it. We've recently introduced
> proxy_ssl_protocols and proxy_ssl_ciphers mostly to mitigate
> issues with such broken servers, and it should be enough.
Except that with "proxy_ssl_server_name" the ClientHello message can
be >256 even with only a single SSL protocol and cipher suite enabled.
More information about the nginx-devel