Is there any possibility of allowing the use of SSL without the
ssl_certificate option in nginx?
Before you say I'm crazy, hear me out. I want to operate servers where
security is not required (the same content is served over HTTP) but it
would be nice to offer some encryption for people who desire it. I also
very strongly do not want to bother with certificates, especially as
those certificates would be self-signed and consequently offer *zero*
extra security assurance over anonymous DH mode.
The nginx config I *want* looks something like this:
http {
server {
listen 443;
ssl on;
ssl_ciphers ADH:aNULL:eNULL;
}
}
I would happily settle for:
http {
server {
listen 443;
ssl on;
ssl_ciphers ADH:aNULL:eNULL;
ssl_without_certificate_because_im_crazy on;
}
}
Right now, I have to use:
http {
server {
listen 443;
ssl on;
ssl_ciphers ADH:aNULL:eNULL;
ssl_certificate /some/x509/cert/which/will/never/be/used.pem;
ssl_certificate_key /some/x509/cert/which/will/never/be/used.pem;
}
}
I can't even use /dev/null because nginx croaks on an invalid
certificate.
It's a minor grief, certainly, but there really are perfectly valid SSL
modes that don't involve a certificate on the server side and I'm hoping
to avoid having to create snakeoil certs for all of my servers.
--
-Julian Blake Kongslie <jblake@omgwallhack.org>
If this is a mailing list, please CC me on replies.
vim: set ft=text :
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx