Very interesting. Thanks for these links Maxim. I would actually favour Steffen's patch over my own for the completeness of exposing both tls-unique and tls-server-end-point. I would note from the second link however that this patch was abandoned due to the limited application of channel binding where more comprehensive web infrastructure may be deployed. There is however a separate use for tls-by r12477 - Nginx Development
The code which performs this digest is located in src/event/ngx_event_openssl.c - This is presently hard-coded to return a SHA1 fingerprint.by r12477 - Other discussion
I have submitted a patch to the nginx-devel mailing list to expose the last Finished message as returned from OpenSSL SSL_get_peer_finished() as a new configuration variable, $ssl_client_tls_bind. The value returned in this variable may be used in TLS channel binding operations as described in RFC 5929 (TLSv1.2) and RFC 9266 (TLSv1.3).by r12477 - Ideas and Feature Requests