> When set, ssl_cert_files takes precedence over ssl_cert_file.

Are you sure? ssl_cert_files gets loaded after ssl_cert_file was already, it seems additive to me. Shouldn't specifying both result in an error instead?

> 2) TLS 1.3 HRR test — added a proper test that forces HelloRetryRequest
> by setting ssl_groups='secp384r1' on the server and connecting with
> -groups X25519:secp384r1. The ssl_update_ssl() fix (override=1
> always) is carried over from v2.

I don't see it? The string secp384r1 doesn't appear in the patch at all.

> LibreSSL fallback
> paths verified via #undef SSL_CERT_SET_FIRST build.

I think the fallback part needs at least a proper documentation / description specifying what's the expected behavior. Currently if I follow it correctly it serves the last loaded certificate, silently ignoring others? I don't think that's a behavior I would expect from a security-focused feature. But note that I did not try to build the patch with libressl and run tests with it yet.
