ssl_client_fingerprint and sha256

Denis Cardon dcardon at
Mon Dec 2 09:55:09 UTC 2019

Hi everyone,

this is my first post on this mailing list, so bear with me :-)

Sorry if my question is silly, but I haven't found any way to use a 
sha256 fingerprint for client certificate validation in Nginx. Sha1 
fingerprints work fine but we are slowly going toward sha256 as hashing 
function by default. The ngx_http_ssl_module documentation explicitly 
specify only sha1 [1].

I have seen in the Trac that there is a issue open about that [2]. 
Perhaps there a good reason for not having it currently. I'll be glad to 
hear from you all. We are using ssl client auth for WAPT project [3] 
which automates Windows workstation software install and update.




Denis Cardon
Tranquil IT
12 avenue Jules Verne (Bat. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755

Tranquil IT recrute!
Samba install wiki for Frenchies :
WAPT, software deployment made easy :

More information about the nginx mailing list