SSL Client Hello Unrecognized Custom Extensions

Skip to first unread message

Jordi Escudero

Nov 25, 2022, 6:41:35 AM11/25/22
to openresty-en
I am trying to use custom extensions for the clienthello message with the "ngx.ssl.clienthello" module but I find that the Openssl library it uses internally limits unrecognized extensions.

Is there an example of using a custom extension for this module? Currently it uses the extension 0 which is the name of the server and this has no limitations.

Any hint on this topic would be appreciated :D
Thank you

Junlong li

Nov 25, 2022, 11:31:03 PM11/25/22
to openresty-en
I think it is better to show the code you have tried now.

Can you get the ext by get_client_hello_ext ?

Jordi Escudero

Nov 29, 2022, 10:41:41 AM11/29/22
to openresty-en
the problem is using an extension that is not registered and it seems to me that the openssl library is filtering it...

Maybe is necessary to register the extension on the server side ... I'm using this example but with openresty as a server.



Nov 29, 2022, 12:38:42 PM11/29/22
Is the client actually sending the custom extension? `get_client_hello_ext` only gets the raw data of the specified extension if it is present.
To add a custom extension on the client side, you may need to use `SSL_CTX_add_custom_extif the client uses OpenSSL as well.
For detail about this API, please refer to the official doc.

Jordi Escudero <> 于2022年11月29日周二 23:41写道:
You received this message because you are subscribed to the Google Groups "openresty-en" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages