Hello!

Here are patch series for the test suite to address test failures
observed with TLSv1.3 enabled with BoringSSL and LibreSSL.

Short summary of the issues seen:

- BoringSSL with TLSv1.3 does not support session reuse via server-side
  session cache, only with tickets.

- BoringSSL with TLSv1.3 does not provide $ssl_session_id.

- LibreSSL with TLSv1.3 does not support session reuse.

- LibreSSL with TLSv1.3 fails to negotiate certificates based on
  signature algorithms supported by the client, and fails with
  "missing rsa certificate" and "unknown pkey type" errors.

- LibreSSL with TLSv1.3 does not send CA lists to the client.

-- 
Maxim Dounin
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply via email to