﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1375	Can‘t use  parallel ECDSA / RSA certificates in BoringSSL	jinham335908093@…		"I can't use parallel ECDSA / RSA certificates in BoringSSL. It only offers the RSA certificate.
My config is:
server {
        listen       443 ssl spdy http2 fastopen=3 reuseport;
        listen 80;
        #server_name  localhost;
        server_tokens  off;
        #charset koi8-r;
       ssl_ciphers                 '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]:[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:DHE+AES128:RSA+AES128:ECDHE+AES256:DHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES';
        #access_log  logs/host.access.log  main;
        #ssl_ciphers ALL;
        ssl_stapling on;
        ssl_prefer_server_ciphers  on;
        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache          shared:SSL:50m;
        ssl_session_tickets        on;
        #ECC
        ssl_certificate      cert.pem;
        ssl_certificate_key  key.pem;
        #RSA
        ssl_certificate      rsa.pem;
        ssl_certificate_key  rsa.key.pem;
        #2048-bit DH         
        ssl_dhparam         dhparams.pem;
        ssl_ecdh_curve X25519:P-521:P-384:P-256;
        add_header   Public-Key-Pins 'pin-sha256=""YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=""; pin-sha256=""IiSbZ4pMDEyXvtl7Lg8K3FNmJcTAhKUTrB2FQOaAO/s=""; pin-sha256=""G//rUh1XUYd7h8vyl/831aUltQ3bRKrNYdDFqIaBf8c="";pin-sha256=""XMNx6H7vrk+38sOXz3yAeR60fQv14famOgKTZl0c9GU="";max-age=2592000; includeSubDomains';
        add_header               X-Frame-Options deny;
        add_header               X-Content-Type-Options nosniff;
        add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';
        add_header X-Xss-Protection '1; mode=block';
        add_header Cache-Control no-cache;
        add_header  Content-Security-Policy ""default-src 'self'; script-src 'unsafe-eval'; img-src 'self'; connect-src 'self'; font-src 'self'; style-src 'unsafe-inline';"";
        location / {
            root   html;
            index  index.html index.htm;
        }

"	defect	closed	minor	1.13	nginx-module	1.13.x	invalid	BoringSSL, Certificate		Linux a-VirtualBox 4.10.0-33-generic #37~16.04.1-Ubuntu SMP Fri Aug 11 14:07:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux	"nginx version: nginx/1.13.4
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 
built with OpenSSL 1.0.2 (compatible; BoringSSL) (Running with Boringssl)
TLS SNI support enabled
configure arguments: --add-module=../ngx_brotli --add-module=../nginx-ct-1.3.2 --with-openssl=../openssl --with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module
"
