Opened 10 years ago

Closed 3 years ago

#615 closed enhancement (fixed)

Ability to specify different SSL certificate based on negotiated cipher suites and tls versions

Reported by: Ryan Hurst Owned by:
Priority: minor Milestone:
Component: nginx-core Version:
Keywords: SSL Cc:
uname -a:
nginx -V: 1.x


As TLS evolves, algorithms get deprecated and added the ability to selectively use certificates containing different types of keys based on which suite and TLS version are negotiated is useful.

Apache supports this, google also does this in their custom server so that they can intelligently use the best and most appropriate key material.

Change History (1)

comment:1 by Maxim Dounin, 3 years ago

Resolution: fixed
Status: newclosed

Loading multiple certificates of different types is implemented in nginx 1.11.0. Starting with nginx 1.15.9 it is also possible to load different certificates based on the information provided by the client in SSL handshake.

Note: See TracTickets for help on using tickets.