Custom Query (2311 matches)

Nginx directives ssl_certificate / ssl_certificate_key leak variables support, so for now it's impossible to have generic nginx config for multiple websites listening to 443 port (each with its own cert).

As I understand ssl_certificate is important on config compilation phase (stapling, oscp, etc) - nginx restart - and can't be provided dynamically (on HTTP request phase). But there can be another way - i.e. ssl_certificates pool - which can be used dynamically on SNI requests based on HTTP Host header (and hosts can be obtained from certificates itself).

Any way to provide generic nginx config with multiple 'on-fly' SSL certificates is affordable. But the best way (from my point of view) is to provide support for either (1) or (2) configuration:

(1) server { listen 443 ssl http2; server_name website1.com website2.com; ssl_certificate ssl/certifiates/$host.crt; ssl_certificate_key ssl/certificates/$host.key; }

(2) server { listen 443 ssl http2; server_name website1.com website2.com; ssl_certificate_pool ssl/certifiates/website1.crt; ssl_certificate_pool ssl/certifiates/website2.crt; }

CSS can include non-ASCII characters [1], a very common use case is to use non-ASCII characters as the value of font-family.

It would be great if the change [2] can be reverted.

[1] ​http://www.w3.org/International/questions/qa-css-charset.en.php [2] ​http://trac.nginx.org/nginx/changeset/2188/nginx

When a browser makes a TLS connection, the ClientHello contains the list of cipher suites the browser supports.

I would like to access this list of cipher suites from a variable, similar to the existing ssl_cipher variable, but containing the entire list of ciphers.