#1612 closed enhancement (duplicate)
Add Stric SNI supprot
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | nginx-1.15 |
Component: | nginx-module | Version: | 1.15.x |
Keywords: | SSL TLS strict-sni | Cc: | |
uname -a: | |||
nginx -V: |
nginx version: nginx/1.15.2
built by gcc 8.2.0 (Ubuntu 8.2.0-4ubuntu1) built with OpenSSL 1.1.1-pre9-dev xx XXX xxxx TLS SNI support enabled configure arguments: --add-module=../nginx-proxy-connect --add-module=../ngx_brotli --add-module=../nginx-ct --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=../../openssls/openssl-1.1.1 --with-openssl-opt=' enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method -O3 -march=armv8-a+crc+simd+crypto -mtune=cortex-a53 enable-ec_nistp_64_gcc_128 no-engine' --with-cc-opt='-D FD_SETSIZE=2048 -O3' |
Description
In Apache and haproxy, there is support of
strict sni which can reject the client which has no sni support. It makes the server safer by rejecting the scanner with no sni support
Note:
See TracTickets
for help on using tickets.
Duplicate of #195.