Hi, I'm using nginx to proxy gRPC requests that have the client authenticate with a client certificate. When connecting directly to Go's gRPC server with an untrusted client certificate or with no client certificate when one is required, the server will fail the TLS handshake. I believe it would be useful if nginx supported enabling this behavior.
This behavior is useful because it allows clients to know that they are not authenticated when they dial as opposed to on making a gRPC request. Additionally, failing the TLS handshake removes the need for the error pages served to the client indicating a untrusted certificate to have the Content-Type, gprc-status, and grpc-message headers set. Would the project be open to implementing this or accepting patches based on this rationale? Best, Jason
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
