Opened 10 months ago

Closed 10 months ago

Last modified 7 months ago

#1612 closed enhancement (duplicate)

Add Stric SNI supprot

Reported by: jinham335908093@… Owned by:
Priority: minor Milestone: nginx-1.15
Component: nginx-module Version: 1.15.x
Keywords: SSL TLS strict-sni Cc:
uname -a:
nginx -V: nginx version: nginx/1.15.2 built by gcc 8.2.0 (Ubuntu 8.2.0-4ubuntu1) built with OpenSSL 1.1.1-pre9-dev xx XXX xxxx TLS SNI support enabled configure arguments: --add-module=../nginx-proxy-connect --add-module=../ngx_brotli --add-module=../nginx-ct --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=../../openssls/openssl-1.1.1 --with-openssl-opt=' enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method -O3 -march=armv8-a+crc+simd+crypto -mtune=cortex-a53 enable-ec_nistp_64_gcc_128 no-engine' --with-cc-opt='-D FD_SETSIZE=2048 -O3'


In Apache and haproxy, there is support of
strict sni which can reject the client which has no sni support. It makes the server safer by rejecting the scanner with no sni support

Change History (2)

comment:1 Changed 10 months ago by mdounin

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #195.

comment:2 Changed 7 months ago by maxim

  • Milestone changed from 1.15 to nginx-1.15

Milestone renamed

Note: See TracTickets for help on using tickets.