Klaus Demo nginx / 471d077
SSL: explicitly set maximum version (ticket #1654). With maximum version explicitly set, TLSv1.3 will not be unexpectedly enabled if nginx compiled with OpenSSL 1.1.0 (without TLSv1.3 support) will be run with OpenSSL 1.1.1 (with TLSv1.3 support). Maxim Dounin 3 years ago
1 changed file(s) with 5 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
342342 if (!(protocols & NGX_SSL_TLSv1_3)) {
343343 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
344344 }
345 #endif
346
347 #ifdef SSL_CTX_set_min_proto_version
348 SSL_CTX_set_min_proto_version(ssl->ctx, 0);
349 SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
345350 #endif
346351
347352 #ifdef TLS1_3_VERSION