Re: ssl_protocols per server and SNI

Maxim Dounin
April 17, 2018 09:04AM
Hello!

On Mon, Apr 16, 2018 at 05:07:48PM -0700, Frank Liu wrote:

> Looks like OpenSSL 1.1.1 finally fixed this (
> https://github.com/openssl/openssl/issues/4301) and added early callback
> (new in OpenSSL 1.1.1), which allows the application to switch SSL_CTXes
> *before* TLS version negotiation.
> Hopefully nginx 1.15 milestone will be able to take advantage of this.

As per the issue referenced, OpenSSL folks simply closed the
issue without even trying to understand the problem.

Another issue linked there
(https://github.com/openssl/openssl/issues/4302) seems to suggest
that it should be possible to use the clienthello callback as
available in 1.1.1 to switch protocols supported. This might work
(not tested), though certainly will require much more work than
using the servername callback as we do now.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
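
A sketch of the ClientHello-callback approach mentioned in the message above, added here as an example; it is not part of the original message and is not nginx or OpenSSL project code. The host names, the policy table, the `policy_for_sni` helper and the `WITH_OPENSSL` build macro are hypothetical. The glue assumes that calling `SSL_set_min_proto_version()` / `SSL_set_max_proto_version()` on the connection from inside the callback takes effect before version negotiation.

```c
#include <ctype.h>
#include <stddef.h>
/* Constructed per-host policy (hypothetical names); TLS wire version values. */
struct host_policy { const char *host; int min_ver, max_ver; };
static const struct host_policy policies[] = {
    { "legacy.example.test", 0x0301, 0x0303 },   /* TLS 1.0 .. 1.2 */
    { "modern.example.test", 0x0303, 0x0304 },   /* TLS 1.2 .. 1.3 */
};

/* Walk a server_name extension body (RFC 6066): u16 list length, then entries
 * of name_type(1) + u16 length + name. Returns the policy for the host_name
 * entry, or NULL when SNI is malformed or names no configured host. */
const struct host_policy *policy_for_sni(const unsigned char *p, size_t len)
{
    if (len < 2 || (((size_t)p[0] << 8) | p[1]) != len - 2) return NULL;
    p += 2; len -= 2;
    while (len >= 3) {
        size_t n = ((size_t)p[1] << 8) | p[2];
        if (n > len - 3) return NULL;            /* entry runs past the list */
        if (p[0] == 0) {                         /* name_type host_name */
            for (size_t i = 0; i < sizeof policies / sizeof policies[0]; i++) {
                const char *h = policies[i].host;
                size_t j = 0;                    /* case-insensitive compare */
                while (j < n && h[j] && tolower(p[3 + j]) == tolower((unsigned char)h[j])) j++;
                if (j == n && h[j] == '\0') return &policies[i];
            }
            return NULL;
        }
        p += 3 + n; len -= 3 + n;
    }
    return NULL;
}

#ifdef WITH_OPENSSL  /* glue; build with -DWITH_OPENSSL against OpenSSL >= 1.1.1 */
#include <openssl/ssl.h>
/* Register with SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL). */
static int client_hello_cb(SSL *s, int *al, void *arg)
{
    const unsigned char *ext; size_t len;
    const struct host_policy *hp = NULL;
    if (SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &ext, &len) == 1)
        hp = policy_for_sni(ext, len);
    if (hp == NULL) return SSL_CLIENT_HELLO_SUCCESS;   /* keep SSL_CTX defaults */
    if (SSL_set_min_proto_version(s, hp->min_ver) && SSL_set_max_proto_version(s, hp->max_ver))
        return SSL_CLIENT_HELLO_SUCCESS;
    *al = SSL_AD_INTERNAL_ERROR;
    return SSL_CLIENT_HELLO_ERROR;
}
#endif
```

Unlike the servername callback, the ClientHello callback hands over the raw extension bytes, so the SNI parsing and its bounds checks become the application's job.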