Welcome! Log In Create A New Profile

Re: TLSv1.3 by default?

Forum List Message List New Topic Print View

Maxim Dounin

June 06, 2020 10:24PM

Hello!

On Sun, May 17, 2020 at 12:13:20PM -0400, Olaf van der Spek wrote:

> Maxim Dounin Wrote:
> -------------------------------------------------------
> > On Fri, Nov 23, 2018 at 08:43:03AM -0500, Olaf van der Spek wrote:
> > >
> > > Why isn't 1.3 enabled by default (when available)?
> > >
> > > Syntax: ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2]
> > > [TLSv1.3];
> > > Default:
> > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> > >
> > > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
> >
> > The main reason is that when it was implemented, TLSv1.3 RFC
> > wasn't yet finalized, and TLSv1.3 was only available via various
> > drafts, and only with pre-release versions of OpenSSL.
> >
> > Now with RFC 8446 published and OpenSSL 1.1.1 with TLSv1.3
> > released this probably can be reconsidered. On the other hand,
>
> Has this been reconsidered yet?

Not yet. Blockers listed in the original message, notably
"ssl_ciphers aNULL;" being non-functional with TLSv1.3
(https://trac.nginx.org/nginx/ticket/195), still apply.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
TLSv1.3 by default?	Olaf van der Spek	November 23, 2018 08:43AM
Re: TLSv1.3 by default?	Maxim Dounin	November 23, 2018 11:52AM
Re: TLSv1.3 by default?	Olaf van der Spek	November 23, 2018 01:05PM
Re: TLSv1.3 by default?	Maxim Dounin	November 23, 2018 02:00PM
Re: TLSv1.3 by default?	Olaf van der Spek	November 23, 2018 03:39PM
Re: TLSv1.3 by default?	Olaf van der Spek	November 28, 2018 03:07AM
Re: TLSv1.3 by default?	Maxim Dounin	November 28, 2018 09:20AM
Re: TLSv1.3 by default?	Olaf van der Spek	November 28, 2018 02:29PM
Re: TLSv1.3 by default?	Maxim Dounin	November 28, 2018 02:40PM
Re: TLSv1.3 by default?	Olaf van der Spek	November 28, 2018 03:28PM
Re: TLSv1.3 by default?	Olaf van der Spek	May 17, 2020 12:13PM
Re: TLSv1.3 by default?	Maxim Dounin	June 06, 2020 10:24PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 278

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018