Maxim Dounin
Note that there is an existing API to limit session lifetime, SSL_CTX_set_timeout(). Current OpenSSL (and BoringSSL) behaviour with TLSv1.3 clearly violates guarantees provided by this API. In nginx 1.23.2, we worked...
Well, "in some interpretation" every session can be seen as a new one. Formally speaking, based solely on the SSL_CTX_set_timeout() documentation, this is still very simple though: since changes to...
Unexpected "unknown pkey type" errors during TLSv1.3 handshakes on server with multiple certificates
This issue is resolved in LibreSSL 4.0.0.
> Have I just run into a similar issue? While testing the reverse proxy function of my server, the last domain cert loaded in the config is only being...
To reproduce, I'm using the [ssl_stapling.t](https://github.com/freenginx/nginx-tests/blob/default/ssl_stapling.t) test against freenginx with a workaround for #1058. All tests should pass, including those 3 currently marked as TODO for LibreSSL. Any fix for #1058...
That's not really my issue: as outlined in the initial description, `SSL_get_certificate()` is not currently used by [free]nginx anywhere except for OCSP stapling, and therefore it is not currently possible...