public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/nginx: Enable TLS 1.3 support

Browse Source
This commit is contained in:
Jan Tojnar 2019-02-23 09:43:36 +01:00 committed by Linus Heckemann
parent 051e85296a
commit f93ff28c62
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/doc/manual/release-notes/rl-1903.xml
View File

@ -645,6 +645,9 @@
This may break some older applications that still rely on those symbols. This may break some older applications that still rely on those symbols.
An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>. An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
</para> </para>
<para>
The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>

4
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -479,8 +479,8 @@ in
sslProtocols = mkOption { sslProtocols = mkOption {
type = types.str; type = types.str;
default = "TLSv1.2"; default = "TLSv1.2 TLSv1.3";
example = "TLSv1 TLSv1.1 TLSv1.2"; example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
description = "Allowed TLS protocol versions."; description = "Allowed TLS protocol versions.";
}; };