Am 28.09.18 um 10:56 schrieb Alex Zhang: > It seems that OpenSSL has changed the way TLSv1.3 cipher suites are > configured. > According to the document > https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html, the > function SSL_CTX_set_cipher_list isn’t suitable for TLSv1.3, instead, > SSL_CTX_set_ciphersuits should be used. While Nginx’s now still use > SSL_CTX_set_cipher_list > to configure the SSL/TLS ciphers, which leads to the default cipher suits are > used all the time.
Hello, as far as I understand TLS1.3, there was a major redesign regarding cipher suites. It's no longer possible to combine key exchange, hash and cipher in so many ways. There are only 5 fixed cipher suites available (1) so the need to change them is significant lower. Andreas (1) https://tools.ietf.org/html/rfc8446#appendix-B.4 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
