[PATCH] New directive to configure TLSv1.3 ciphers

Maxim Dounin mdounin at mdounin.ru
Fri Nov 16 11:51:53 UTC 2018


On Thu, Nov 15, 2018 at 12:17:15PM -0800, Ramprasad Tamilselvan wrote:

> I have a question regarding the ticket.
> What if different TLSv1.3 ciphers need to be configured in different server blocks?
> In this case, changing openssl.conf will not help right.

Sure, configuring ciphers via openssl.conf is at most workaround, 
and does not cover all possible use cases.  The best solution 
would be to patch OpenSSL to support configuration of TLSv1.3 
ciphers via SSL_CTX_set_cipher_list().

Maxim Dounin

More information about the nginx-devel mailing list