[PATCH] Proxy: add "proxy_ssl_padding" directive

Piotr Sikora piotr at cloudflare.com
Fri Jul 25 20:44:49 UTC 2014

Hey Maxim,

> This means that SNI can't be used with such backends (it never
> worked before as it can't work without TLS padding extension), and
> trivial solution is to don't switch it on.

I don't think that's valid solution, SNI should be used whenever possible.

Also, I think that "on/off" switch is much nicer workaround for the
problem than requiring users to play around with SSL protocols and/or
cipher suites.

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list