[PATCH] Add ssl_client_tls_bind variable
Maxim Dounin
mdounin at mdounin.ru
Fri Dec 15 11:27:35 UTC 2023
Hello!
On Fri, Dec 15, 2023 at 06:02:45PM +1100, Rob Casey wrote:
> First time caller, long time listener.
>
> This patch introduces the variable $ssl_client_tls_bind which provides the
> last Finished message returned by the OpenSSL SSL_get_peer_finished()
> function. The value returned by this function may be used in TLS channel
> binding operations as described in RFC 5929
> <https://datatracker.ietf.org/doc/html/rfc5929> (TLSv1.2) and RFC 9266
> <https://datatracker.ietf.org/doc/html/rfc9266> (TLSv1.3). The bytes
> returned by this function are base64-encoded for ease-of-use as per
> suggestion on Nginx forum thread
> <https://forum.nginx.org/read.php?10,286777>.
You might be interested in a previous attempt to introduce similar
variables, here:
https://mailman.nginx.org/pipermail/nginx-devel/2021-May/014082.html
https://mailman.nginx.org/pipermail/nginx-devel/2021-June/014090.html
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list