> Hello. > > I am well aware that CVE-2011-4968 had a fix included for it (based on > http://trac.nginx.org/nginx/ticket/13 and > http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx) > however I do not see an entry for it in the changelog. > > With what release/version did this get included in NGINX?
proxy_ssl_verify and proxy_ssl_verify_depth keywords are supported since nginx 1.7.0 and appear in the changlog as: "Feature: backend SSL certificate verification" By adivsed that you need to configure this, it doesn't just work out of the box. Lukas [1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html&proxy_ssl_verify [2] http://nginx.org/en/docs/http/ngx_http_proxy_module.html&proxy_ssl_verify_depth [3] http://nginx.org/en/CHANGES _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
