TLS1.3
PGNet Dev
pgnet.dev at gmail.com
Thu Jul 18 20:25:45 UTC 2019
On 7/18/19 1:15 PM, Thomas Ward wrote:
> Might be helpful to point at
> https://trac.nginx.org/nginx/ticket/1654#comment:2 and other issues
> which have spurred the request to rebuild downstream.
>
> Which, given that NGINX built against 1.1.0 downstream and OpenSSL
> downstream in Ubuntu with 1.1.1 is set such that TLS 1.3 is "on by
> default" and therefore is just 'available' and enabled but not able to
> be controlled/disabled by NGINX directly, it DOES work with TLS1.3
> connections and ciphers. We just can't manipulate things.
>
> The developer concern downstream is this rebuild won't introduce any
> other TLS 1.3 behaviors not already present as a result of OpenSSL being
> "TLS1.3 Enabled By Default" which is the current situation.

Thanks for the trac link.

fwiw, here I've

    nginx -V
    nginx version: nginx/1.17.1 (local build)
    built with OpenSSL 1.1.1c 28 May 2019
    TLS SNI support enabled
    ...

yet, despite the build, I'm seeing some problems with TLSv1.3 cipher
usage/config in Nginx.

cref:
https://mta.openssl.org/pipermail/openssl-users/2019-July/010881.html

I've _just_ started poking around with that, and don't know what/where
the problem lies atm. It _seems_ to me an issue with Nginx, but I
simply am unsure ...

Perhaps something in the trac issue will light a bulb for me; I'll take a
closer look.

Thx o/