Looks like OpenSSL 1.1.1 finally fixed this ( https://github.com/openssl/openssl/issues/4301) and added early callback (new in OpenSSL 1.1.1), which allows the application to switch SSL_CTXes *before* TLS version negotiation. Hopefully nginx 1.15 milestone will be able to take advantage of this.
Thanks! Frank On Mon, Apr 16, 2018 at 4:23 PM, Frank Liu <gfrank...@gmail.com> wrote: > This topic has been discussed in the past. eg: 3 years ago @ > http://mailman.nginx.org/pipermail/nginx/2014-November/045738.html and > nginx couldn't fix it due to OpenSSL. > Has anything changed since then, with newer versions of OpenSSL? >
_______________________________________________ nginx mailing list email@example.com http://mailman.nginx.org/mailman/listinfo/nginx