ssl_protocols & SNI

Mon Feb 13 00:32:22 UTC 2017

Hello!

On Fri, Feb 10, 2017 at 03:18:14PM -0800, Frank Liu wrote:

> Thanks for explaining why overloading ssl_protocols won't work. Since the
> problem is with how OpenSSL works, will it work if we use other openssl
> alternatives? I see people reporting boringssl and libressl work fine with
> nginx. Does nginx still need to be modified to support overloading
> ssl_protocols or is it just a matter of library switch?

I doubt there is a difference, as both are OpenSSL forks.  And 
such a support will seriously complicate the code with no obvious 
benefits.  Though I've never tested nor looked into the current 
sources of these libraries for this particular aspect.

Either way, if it is implemented by the library, it's highly 
unlikely that any changes in nginx will be needed.  It already does 
all it can do.

-- 
Maxim Dounin
http://nginx.org/