Hi Jordan, You are right, very sorry for the noise. Must have confounded the error with the many changes I made at the same time. Thanks for your time!
Kind regards, Taco de Wolff Op za 2 mrt 2024 om 15:52 schreef J Carter <jordanc.car...@outlook.com>: > Hello Taco, > > On Sat, 2 Mar 2024 09:54:46 -0300 > Taco de Wolff <tacodewo...@gmail.com> wrote: > > > Thank you Jordan for the response. > > > > No problem. > > > Including the SNI information in cURL works, thank you. I wasn't aware > this > > was so very different from TCP/HTTP2. > > > > The point I was trying to make about the ssl_certificate options to be > > mandatory, is that HTTP/2 also requires SSL > > HTTP2 can be used without TLS by the way (called h2c), and this is also > implemented in nginx. With curl you can test it easily with > --http2-prior-knowledge flag against plain-text port. > > The $http2 variable [1] can also be easily used to distinguish h2c vs > h2(with tls). > > Of course, I doubt there is a lot of real world usage of h2c. Still, it > can > be useful for testing :) > > [1] https://nginx.org/en/docs/http/ngx_http_v2_module.html#variables > > > but recognizes that when > > ssl_reject_handshake=on it doesn't need the certificate. For HTTP/3 it > > doesn't seem to recognize that it doesn't need the certificate since it > > will reject handshakes anyways. > > I see, but when testing with exactly the configuration you posted, it > does not appear to require them in the default server (on 1.25.4). If I > remove ssl_certificate and ssl_certificate_key directives, it still > works... > > 1) Are you using any out of band patches in your nginx build (if self > built)? > > 2) Which TLS library are you using (openssl, boringssl, ect)? > > 3) Which OS? > _______________________________________________ > nginx mailing list > nginx@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
