Welcome! Log In Create A New Profile

Advanced

Re: TLSv1.3 by default?

Maxim Dounin
November 28, 2018 09:20AM
Hello!

On Wed, Nov 28, 2018 at 03:07:25AM -0500, Olaf van der Spek wrote:

> Olaf van der Spek Wrote:
> -------------------------------------------------------
> > Maxim Dounin Wrote:
> > -------------------------------------------------------
> > > Hello!
> > >
> > > On Fri, Nov 23, 2018 at 01:05:55PM -0500, Olaf van der Spek wrote:
> > >
> > > > What's the recommendation for distros? Should they explicitly
> > enable
> > > > TLSv1.3?
> > > > Ideally they'd just stick to upstream defaults, hence my question
> > > about the
> > > > default.
> > >
> > > The recommendation for distros is to don't mess with the defaults.
> >
> > Should they use the 'defaults' from the stock nginx.conf or the
> > defaults from the binary / docs? ;)
>
>
> Maxim?

There is no such thing as "defaults from the stock nginx.conf".
The nginx.conf file can be used to set various configuration
parameters.

Obviously enough, distributions may need to set something in
nginx.conf they ship with nginx packages differently from what is
configured in example configuration as available in nginx sources,
conf/nginx.conf. Though my recommendation would be to keep
configuration shipped as close to conf/nginx.conf as possible, and
don't diverge from it unless there are good reasons to.

As for TLSv1.3, the TLSv1.3 protocol is currently disabled by
default in nginx. Distributions shouldn't try to enable it
(either way) unless there are very good reasons to do so.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

TLSv1.3 by default?

Olaf van der Spek November 23, 2018 08:43AM

Re: TLSv1.3 by default?

Maxim Dounin November 23, 2018 11:52AM

Re: TLSv1.3 by default?

Olaf van der Spek November 23, 2018 01:05PM

Re: TLSv1.3 by default?

Maxim Dounin November 23, 2018 02:00PM

Re: TLSv1.3 by default?

Olaf van der Spek November 23, 2018 03:39PM

Re: TLSv1.3 by default?

Olaf van der Spek November 28, 2018 03:07AM

Re: TLSv1.3 by default?

Maxim Dounin November 28, 2018 09:20AM

Re: TLSv1.3 by default?

Olaf van der Spek November 28, 2018 02:29PM

Re: TLSv1.3 by default?

Maxim Dounin November 28, 2018 02:40PM

Re: TLSv1.3 by default?

Olaf van der Spek November 28, 2018 03:28PM

Re: TLSv1.3 by default?

Olaf van der Spek May 17, 2020 12:13PM

Re: TLSv1.3 by default?

Maxim Dounin June 06, 2020 10:24PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 230
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready