Klaus Demo nginx / 04618d0
SSL: explicitly set maximum version (ticket #1654). With maximum version explicitly set, TLSv1.3 will not be unexpectedly enabled if nginx compiled with OpenSSL 1.1.0 (without TLSv1.3 support) will be run with OpenSSL 1.1.1 (with TLSv1.3 support). Maxim Dounin 3 years ago
1 changed file(s) with 5 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
327327 if (!(protocols & NGX_SSL_TLSv1_3)) {
328328 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
329329 }
330 #endif
331
332 #ifdef SSL_CTX_set_min_proto_version
333 SSL_CTX_set_min_proto_version(ssl->ctx, 0);
334 SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
330335 #endif
331336
332337 #ifdef TLS1_3_VERSION