Nagi5Yeq
/ nginx-tls1.3-openssl.patch
Created
November 30, 2018 04:01
A patch to nginx allows you to change TLS 1.3 cipher suites
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| You can specify a perfered TLS 1.3 cipher suites list in Nginx by the following setting: | |
| ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256|ECDHE+AESGCM:HIGH:!aNULL:!eNULL:!MD5; | |
| The TLS 1.3 and TLS 1.2- cipher suites are separated by a '|', notice that you neet to list the full name of TLS 1.3 cipher suites according to OpenSSL Wiki. | |
| Only tested on nginx/1.15.7 with OpenSSL 1.1.1a. | |
| See https://x-nagi.com/2018/11/nginx-tls1-3-patch.html for details. | |
| --- | |
| diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c | |
| index a281fba..7e2809b 100644 |