Closed avj closed 1 year ago
@LeoColomb Can this be reverted? This will introduce downgrade attack potential.
There's an alternative and better way to configure OpenSSL to read the client's intent on using hardware-accelerated paths; it needs some system-wide configuration (via NGINX's ssl_conf_command directive) of the OpenSSL library used by NGINX.
I'll dig through my systems today to find the specific configuration tweaks needed.
This comment explains the reasoning for turning it to "off" for modern browsers. https://github.com/mozilla/server-side-tls/issues/260#issuecomment-507392266
Thanks for your comments. @emansom This PR is also the outcome of the #325 discussion. Don't hesitate to continue the discussion there 🙂
Per discussion here: https://github.com/h5bp/server-configs-nginx/issues/325