Hi,

I have my nginx configured with client_certificate authentication:

ssl_client_certificate /etc/nginx/ssl/cas.pem;
ssl_verify_client optional;
ssl_verify_depth 2;
And is working fine, but I need to NOT send the CAs to the client during the handshake.

I've seen http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate in the documentation. So, I've changed it to:

ssl_trusted_certificate /etc/nginx/ssl/cas.pem;
ssl_verify_depth 2;

But now ssl_client_verify is always to NONE, and actually I saw in wireshark that the client is not sending the certificate.

What am I doing wrong?

Regards.