# Nginx是否支持GNUTLS

2019年10月10日 | 分类: 【技术】

Nginx是否支持GNUTLS？

It is not possible to use GnuTLS with nginx.

Nginx支持TLS协议的SNI扩展（Server Name Indication，简单地说这个扩展使得在同一个IP上可以以不同的证书serv不同的域名）。不过，SNI扩展还必须有客户端的支持，另外本地的OpenSSL必须支持它。

Nginx在默认情况下是TLS SNI support disabled。

It is not possible to use GnuTLS with nginx. Here are some source files having ssl in their names (from the nginx 1.7.7 source), GnuTLS does not seem to be mentioned:

auto/lib/openssl/
src/mail/ngx_mail_ssl_module.h
src/mail/ngx_mail_ssl_module.c
src/http/modules/ngx_http_ssl_module.c
src/http/modules/ngx_http_ssl_module.h
src/event/ngx_event_openssl.h
src/event/ngx_event_openssl.c
src/event/ngx_event_openssl_stapling.c


Neither has GnuTLS been mentioned in the source (grep -rni gnutls . or even grep -rni gnu .). According to Compatibility with the OpenSSL Library, GnuTLS cannot fully replace OpenSSL.

Unless you really need it, use the current version of nginx and OpenSSL. Work has been done for OpenSSL 1.0.1 to support TLS 1.2. See Changes between 1.0.0h and 1.0.1 [14 Mar 2012].

【参考】