ssl_protocols per server and SNI

Frank Liu gfrankliu at
Tue Apr 17 00:07:48 UTC 2018

Looks like OpenSSL 1.1.1 finally fixed this  ( and added early callback
(new in OpenSSL 1.1.1), which allows the application to switch SSL_CTXes
*before* TLS version negotiation.
Hopefully nginx 1.15 milestone will be able to take advantage of this.


On Mon, Apr 16, 2018 at 4:23 PM, Frank Liu <gfrankliu at> wrote:

> This topic has been discussed in the past. eg: 3 years ago @
> and
> nginx couldn't fix it due to OpenSSL.
> Has anything changed since then, with newer versions of OpenSSL?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list