
Any way to allow secure SSL renegotiation?

Perry, William
July 24, 2016 07:10PM
“Secure” meaning using TLS only, RFC5746 style.

I would like to have a module that decides which certificate authorities are valid based on aspects of a request (location, type of authentication required, etc). Some user populations will require client certificates from one CA, others from another, and others will not use client certificates at all. Specifying SSL client certificates as ‘optional’ for the entire server is not exactly a great user experience, and I would prefer not to send the trusted CAs for all user populations to every user.

Currently works in Apache and mod_ssl with some extra protections to only allow renegotiation to be triggered by the server, but I want to get NGINX handling all of the TLS traffic.

Has anyone come up with a relatively simple patch to allow NGINX to start the renegotiation process? Figured I would check before reinventing the wheel.

-Bill Perry