Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#1612 closed enhancement (duplicate)

Add Stric SNI supprot

Reported by: jinham335908093@… Owned by:
Priority: minor Milestone: nginx-1.15
Component: nginx-module Version: 1.15.x
Keywords: SSL TLS strict-sni Cc:
uname -a:
nginx -V: nginx version: nginx/1.15.2
built by gcc 8.2.0 (Ubuntu 8.2.0-4ubuntu1)
built with OpenSSL 1.1.1-pre9-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --add-module=../nginx-proxy-connect --add-module=../ngx_brotli --add-module=../nginx-ct --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=../../openssls/openssl-1.1.1 --with-openssl-opt=' enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method -O3 -march=armv8-a+crc+simd+crypto -mtune=cortex-a53 enable-ec_nistp_64_gcc_128 no-engine' --with-cc-opt='-D FD_SETSIZE=2048 -O3'


In Apache and haproxy, there is support of
strict sni which can reject the client which has no sni support. It makes the server safer by rejecting the scanner with no sni support

Change History (2)

comment:1 by Maxim Dounin, 6 years ago

Resolution: duplicate
Status: newclosed

Duplicate of #195.

comment:2 by maxim, 6 years ago

Milestone: 1.15nginx-1.15

Milestone renamed

Note: See TracTickets for help on using tickets.