Closed zabbal closed 1 year ago
Originally implementation it is, see https://github.com/phuslu/nginx-ssl-fingerprint/tree/9b4ad1a4c9364a075113f1206a9db25cdffeda78 Also we upstream the PR https://github.com/openssl/openssl/pull/16910 and got merged.
But for the real production env, we need to be more performant, so here we are.
Thanks for clarification!
Would it be possible to implement this using https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html from recently released version of OpenSSL instead of patching it?
That should simplify maintenance quite a bit.