phuslu
commented
1 year ago Originally implementation it is, see https://github.com/phuslu/nginx-ssl-fingerprint/tree/9b4ad1a4c9364a075113f1206a9db25cdffeda78 Also we upstream the PR https://github.com/openssl/openssl/pull/16910 and got merged.
But for the real production env, we need to be more performant, so here we are.
zabbal
Would it be possible to implement this using https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html from recently released version of OpenSSL instead of patching it?
That should simplify maintenance quite a bit.