tls_no_verify_warn
The 'tls_no_verify_warn' directive disables warning messages when certificate verification fails during TLS negotiation.
Description
The 'tls_no_verify_warn' directive is a flag used in the context of the NGINX Proxy-Wasm module. When set, it instructs NGINX not to display warnings for certificate verification failures that can occur during TLS handshake. This can be particularly useful in scenarios where self-signed certificates or untrusted certificate authorities are involved, and users are aware of the potential security implications but wish to suppress warning messages in logs. By implementing this directive, NGINX maintains a cleaner log output, eliminating noise created by TLS verification issues while still allowing connections to proceed even if those connections are not secured by trusted certificates. It is important to remember that while using this directive suppresses warnings, it does not impact the actual behavior of TLS connection verification. Users should exercise caution and ensure that omitting such warnings does not introduce security vulnerabilities into their applications.
Config Example
wasm {
tls_no_verify_warn on;
module my_filter /path/to/filter.wasm;
}Using this directive without understanding the implications of suppressing warnings could lead to security vulnerabilities.
It is advisable to only enable this directive in controlled environments or during development rather than in production.