Hello! On Sun, May 17, 2020 at 12:13:20PM -0400, Olaf van der Spek wrote:
> Maxim Dounin Wrote: > ------------------------------------------------------- > > On Fri, Nov 23, 2018 at 08:43:03AM -0500, Olaf van der Spek wrote: > > > > > > Why isn't 1.3 enabled by default (when available)? > > > > > > Syntax: ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] > > > [TLSv1.3]; > > > Default: > > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > > > > > > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols > > > > The main reason is that when it was implemented, TLSv1.3 RFC > > wasn't yet finalized, and TLSv1.3 was only available via various > > drafts, and only with pre-release versions of OpenSSL. > > > > Now with RFC 8446 published and OpenSSL 1.1.1 with TLSv1.3 > > released this probably can be reconsidered. On the other hand, > > Has this been reconsidered yet? Not yet. Blockers listed in the original message, notably "ssl_ciphers aNULL;" being non-functional with TLSv1.3 (https://trac.nginx.org/nginx/ticket/195), still apply. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
