Hello Reinis,
TLSv1.2 ciphers is supported by kernel as well as TLSv1.3.
If the particular cipher is not supported by kernel, BIO_get_ktls_send()
function returns zero and SSL sendfile will not be used.
Check https://hg.nginx.org/nginx/rev/65946a191197#l1.18 for details.
16.11.2021 20:15, Reinis Rozitis пишет:
>> As some of you probably know we added kTLS support in nginx-1.21.4.
>
> Before testing myself wanted to quickly clarify - does this work in
> combination with older cipher suites (as in fallback from kTLS to standard
> non-kernel) to support older clients which still use tls 1.1 / 1.2 or you
> are locked into using Tls 1.3 ciphers only?
>
> wbr
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
--
Best regards,
Mikhail Isachenkov
NGINX Professional Services
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx