Opened 10 years ago
Closed 4 years ago
#615 closed enhancement (fixed)
Ability to specify different SSL certificate based on negotiated cipher suites and tls versions
Reported by: | Ryan Hurst | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | |
Keywords: | SSL | Cc: | |
uname -a: | |||
nginx -V: | 1.x |
Description
As TLS evolves, algorithms get deprecated and added the ability to selectively use certificates containing different types of keys based on which suite and TLS version are negotiated is useful.
Apache supports this, google also does this in their custom server so that they can intelligently use the best and most appropriate key material.
Note:
See TracTickets
for help on using tickets.
Loading multiple certificates of different types is implemented in nginx 1.11.0. Starting with nginx 1.15.9 it is also possible to load different certificates based on the information provided by the client in SSL handshake.