Although this is an old post, I landed on it when asking myself the same type of question, so I am posting this reply in case it helps. I wanted to avoid sending a list of trusted CAs to the client during the initial TLS negotiation, especially as this can result in a relatively large payload sent during the TLS session setup if many CAs are trusted. I then wondered how I could use ssl_trusted

by cvillerm - How to...