Mercurial > hg > nginx-site
diff xml/en/docs/http/configuring_https_servers.xml @ 2948:37e082fd009c
Added TLSv1.3 to the default value of ssl_protocols and friends.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Fri, 10 Mar 2023 22:17:07 +0000 |
parents | aac9e462320b |
children |
line wrap: on
line diff
--- a/xml/en/docs/http/configuring_https_servers.xml Tue Mar 28 18:06:29 2023 +0300 +++ b/xml/en/docs/http/configuring_https_servers.xml Fri Mar 10 22:17:07 2023 +0000 @@ -8,7 +8,7 @@ <article name="Configuring HTTPS servers" link="/en/docs/http/configuring_https_servers.html" lang="en" - rev="13" + rev="14" author="Igor Sysoev" editor="Brian Mercer"> @@ -31,7 +31,7 @@ server_name www.example.com; ssl_certificate <b>www.example.com.crt</b>; ssl_certificate_key <b>www.example.com.key</b>; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ... } @@ -59,7 +59,7 @@ can be used to limit connections to include only the strong versions and ciphers of SSL/TLS. By default nginx uses -“<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2</literal>” +“<literal>ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3</literal>” and “<literal>ssl_ciphers HIGH:!aNULL:!MD5</literal>”, so configuring them explicitly is generally not needed. Note that default values of these directives were @@ -110,7 +110,7 @@ ssl_certificate www.example.com.crt; ssl_certificate_key www.example.com.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ... </programlisting> @@ -446,6 +446,11 @@ <list type="bullet"> <listitem> +Version 1.23.4 and later: the default SSL protocols are TLSv1, +TLSv1.1, TLSv1.2, and TLSv1.3 (if supported by the OpenSSL library). +</listitem> + +<listitem> Version 1.9.1 and later: the default SSL protocols are TLSv1, TLSv1.1, and TLSv1.2 (if supported by the OpenSSL library). </listitem>