TLSv1.3 by default?

Olaf van der Spek nginx-forum at forum.nginx.org
Sun May 17 16:13:20 UTC 2020


Maxim Dounin Wrote:
-------------------------------------------------------
> On Fri, Nov 23, 2018 at 08:43:03AM -0500, Olaf van der Spek wrote:
> > 
> > Why isn't 1.3 enabled by default (when available)?
> > 
> > Syntax:	ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2]
> > [TLSv1.3];
> > Default:	
> > ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> > 
> > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
> 
> The main reason is that when it was implemented, TLSv1.3 RFC 
> wasn't yet finalized, and TLSv1.3 was only available via various 
> drafts, and only with pre-release versions of OpenSSL.
> 
> Now with RFC 8446 published and OpenSSL 1.1.1 with TLSv1.3 
> released this probably can be reconsidered.  On the other hand, 

Has this been reconsidered yet?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282098,288063#msg-288063



More information about the nginx mailing list