Hello Taco, On Sat, 2 Mar 2024 09:54:46 -0300 Taco de Wolff <tacodewo...@gmail.com> wrote:
> Thank you Jordan for the response. > No problem. > Including the SNI information in cURL works, thank you. I wasn't aware this > was so very different from TCP/HTTP2. > > The point I was trying to make about the ssl_certificate options to be > mandatory, is that HTTP/2 also requires SSL HTTP2 can be used without TLS by the way (called h2c), and this is also implemented in nginx. With curl you can test it easily with --http2-prior-knowledge flag against plain-text port. The $http2 variable [1] can also be easily used to distinguish h2c vs h2(with tls). Of course, I doubt there is a lot of real world usage of h2c. Still, it can be useful for testing :) [1] https://nginx.org/en/docs/http/ngx_http_v2_module.html#variables > but recognizes that when > ssl_reject_handshake=on it doesn't need the certificate. For HTTP/3 it > doesn't seem to recognize that it doesn't need the certificate since it > will reject handshakes anyways. I see, but when testing with exactly the configuration you posted, it does not appear to require them in the default server (on 1.25.4). If I remove ssl_certificate and ssl_certificate_key directives, it still works... 1) Are you using any out of band patches in your nginx build (if self built)? 2) Which TLS library are you using (openssl, boringssl, ect)? 3) Which OS? _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx