Commit 04618d00e0775b78ca3349da54366d7bcb4d1774 - nginx

SSL: explicitly set maximum version (ticket #1654). With maximum version explicitly set, TLSv1.3 will not be unexpectedly enabled if nginx compiled with OpenSSL 1.1.0 (without TLSv1.3 support) will be run with OpenSSL 1.1.1 (with TLSv1.3 support). Maxim Dounin 3 years ago

1 changed file(s) with 5 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all

-0

src/event/ngx_event_openssl.c less more

327	327	if (!(protocols & NGX_SSL_TLSv1_3)) {
328	328	SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
329	329	}
	330	#endif
	331
	332	#ifdef SSL_CTX_set_min_proto_version
	333	SSL_CTX_set_min_proto_version(ssl->ctx, 0);
	334	SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
330	335	#endif
331	336
332	337	#ifdef TLS1_3_VERSION