[PATCH 1 of 2] SSL: add support for AWS-LC
Piotr Sikora
piotr at aviatrix.com
Thu Mar 21 07:01:54 UTC 2024
Hi Roman,
> It looks like this library is not super popular, but the patch is relatively
> large.
Perhaps it's not as widely used as the forks that started ~10 years ago,
but it's basically a version of BoringSSL that's more suitable to use with
NGINX than BoringSSL itself:
- it ships releases and it's versioned,
- it supports OCSP stapling,
- it supports multiple TLS certificates,
- it supports big endian platforms supported by NGINX.
Also, the patch is pretty small.
> Also, compiling nginx with -DOPENSSL_IS_BORINGSSL should probably solve
> the issue.
For the time being, probably, but AWS folks are actively developing it,
so I'd expect it to led to issues sooner rather than later.
Best regards,
Piotr Sikora
More information about the nginx-devel
mailing list