Re: TLS 1.3 and ssl_reject_handshake

2020-12-23 Thread Maxim Dounin
Hello! On Sat, Dec 19, 2020 at 05:04:36AM -0500, graxlop wrote: > I'm using nginx 1.19.6 and when enabling "ssl_reject_handshake" in the top > server block, it will disable TLS 1.3 if no certificate is included in the > same server block or in the http block. > >

TLS 1.3 and ssl_reject_handshake

2020-12-19 Thread graxlop
Hello, I'm using nginx 1.19.6 and when enabling "ssl_reject_handshake" in the top server block, it will disable TLS 1.3 if no certificate is included in the same server block or in the http block. server { listen 443 ssl; ssl_reject_handshake on;

Re: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-12-01 Thread Sergey Kandaurov
> >>>> On Sun, Nov 29, 2020 at 04:01:07PM +0100, ng...@bartelt.name wrote: >>>> >>>>> I've noticed that nginx 1.18.0 always enables TLS 1.3 even if not >>>>> configured to do so. I've observed this behavior on OpenBSD with (nginx >>>

Re: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-12-01 Thread Andreas Bartelt
On 11/30/20 11:39 PM, Maxim Dounin wrote: Hello! On Mon, Nov 30, 2020 at 06:41:18PM +0100, Andreas Bartelt wrote: On 11/30/20 4:07 PM, Maxim Dounin wrote: Hello! On Sun, Nov 29, 2020 at 04:01:07PM +0100, ng...@bartelt.name wrote: I've noticed that nginx 1.18.0 always enables TLS 1.3

Re: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-11-30 Thread Maxim Dounin
Hello! On Mon, Nov 30, 2020 at 06:41:18PM +0100, Andreas Bartelt wrote: > On 11/30/20 4:07 PM, Maxim Dounin wrote: > > Hello! > > > > On Sun, Nov 29, 2020 at 04:01:07PM +0100, ng...@bartelt.name wrote: > > > >> I've noticed that nginx 1.18.0 always en

Re: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-11-30 Thread Andreas Bartelt
On 11/30/20 4:07 PM, Maxim Dounin wrote: Hello! On Sun, Nov 29, 2020 at 04:01:07PM +0100, ng...@bartelt.name wrote: I've noticed that nginx 1.18.0 always enables TLS 1.3 even if not configured to do so. I've observed this behavior on OpenBSD with (nginx 1.18.0 linked against Libr

Re: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-11-30 Thread Maxim Dounin
Hello! On Sun, Nov 29, 2020 at 04:01:07PM +0100, ng...@bartelt.name wrote: > I've noticed that nginx 1.18.0 always enables TLS 1.3 even if not > configured to do so. I've observed this behavior on OpenBSD with (nginx > 1.18.0 linked against LibreSSL 3.3.0) and on Ubuntu

Re: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-11-30 Thread Andreas Bartelt
Thanks for your reply. I've recompiled nginx on OpenBSD in order to get rid of the LibreSSL version mismatch which is gone now: # nginx -V nginx version: nginx/1.18.0 built with LibreSSL 3.3.0 Unfortunately, this didn't solve the problem, i.e., TLS 1.3 is still enabled on my Ope

RE: nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-11-29 Thread Thomas Ward
We had this problem in Ubuntu's repos until we rebuilt against newer OpenSSL and the TLS 1.3 variables were exposed to NGINX at build time - then you could turn it off in ssl_protocols by not specifying TLSv1.3. However, your case indicates that you are linked (compiled) against older Lib

nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

2020-11-29 Thread nginx
Hello, I've noticed that nginx 1.18.0 always enables TLS 1.3 even if not configured to do so. I've observed this behavior on OpenBSD with (nginx 1.18.0 linked against LibreSSL 3.3.0) and on Ubuntu 20.04 (nginx 1.18.0 linked against OpenSSL 1.1.1f). I don't know which r

Re: TLS 1.3 not offered and downgraded to a weaker protocol

2020-03-11 Thread lists
Run openssl version. The problem is openssl is too old for TLS 1.3 using Centos 7. You might want to read this: https://forums.centos.org/viewtopic.php?t=71848 I have seen threads on building openssl so that you can support tls 1.3 on Centos 7. The trouble is once you build something it is your

TLS 1.3 not offered and downgraded to a weaker protocol

2020-03-11 Thread Kaushal Shriyan
fered > TLS 1.2 offered (OK) > TLS 1.3 not offered and downgraded to a weaker protocol > NPN/SPDY h2, http/1.1 (advertised) > ALPN/HTTP2 h2, http/1.1 (offered) Any clue regarding "TLS 1.3 not offered and downgraded to a weaker protocol" ? Please let

Re: TLS 1.3 support in nginx-1.17.1 binary for Ubuntu 18.04 "bionic" provided by nginx.org

2019-07-23 Thread Konstantin Pavlov
Hello, 09.07.2019 13:35, Konstantin Pavlov wrote: > Thanks for the heads up on the openssl version change in 18.04 - it > definitely is on our roadmap to provide prebuilt packages based on > openssl 1.1.1! > > Indeed, new packages built with openssl 1.1.1 will not work on the older > Ubuntu 18.04

Re: TLS 1.3 support in nginx-1.17.1 binary for Ubuntu 18.04 "bionic" provided by nginx.org

2019-07-09 Thread Konstantin Pavlov
/n/nginx/nginx_1.17.1-1~bionic_amd64.deb > and it doesn't have TLS 1.3 support. > According to > https://mailman.nginx.org/pipermail/nginx/2019-January/057402.html this > would be because it was built on an Ubuntu 18.04 "bionic" that was not > fully updated. > Ubuntu 18.

TLS 1.3 support in nginx-1.17.1 binary for Ubuntu 18.04 "bionic" provided by nginx.org

2019-07-03 Thread Zeev Tarantov
I've installed the nginx package provided by nginx.org ( https://nginx.org/en/linux_packages.html#Ubuntu) specifically the binary provided by https://nginx.org/packages/mainline/ubuntu/pool/nginx/n/nginx/nginx_1.17.1-1~bionic_amd64.deb and it doesn't have TLS 1.3 support. Accordin

Re: TLS 1.3

2018-07-10 Thread Maxim Dounin
Hello! On Tue, Jul 10, 2018 at 07:06:19AM -0400, rudyxie wrote: > Does nginx 1.15.x support the 0-RTT early data of TLS 1.3? I read the > change log of nginx 1.15.x and did not find it. Development of the 1.15.x branch is in progress. Support for 0-RTT mode aka early data is still in plans. -

Re: TLS 1.3

2018-07-10 Thread rudyxie
Does nginx 1.15.x support the 0-RTT early data of TLS 1.3? I read the change log of nginx 1.15.x and did not find it. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279404,280472#msg-280472 ___ nginx mailing list nginx@nginx.org http://mailm

Re: TLS 1.3 not being selected.

2018-06-07 Thread shiz
Ah! Thank you very much. Recompiled with older openssl 1.1.1 pre2 since current browsers implement draft 23 atm. It's working now. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280017,280094#msg-280094

Re: TLS 1.3 not being selected.

2018-06-03 Thread A. Schulze
On 03.06.2018 at 13:59, shiz wrote: > TLS 1.3 offered (OK): draft 28, draft 27, draft 26 There are different, incompatible versions (drafts) of TLS1.3. Browser and server must implement the same draft version, otherwise the browser falls back to TLS1.2. see https://wiki.openssl.

TLS 1.3 not being selected.

2018-06-03 Thread shiz
Hi, I can't see what I'm doing wrong. When I visit https://www.cloudflare.com/ with my browser TLS 1.3 is used. However when I visit my website, TLS 1.2 is selected instead. My browser (opera 53) has this in its command line: " --ssl-version-max=tls1.3 --tls13-variant=draft"

Re: TLS 1.3

2018-04-11 Thread Maxim Dounin
Hello! On Wed, Apr 11, 2018 at 10:12:52AM -0700, Frank Liu wrote: > https://trac.nginx.org/nginx/roadmap says > >- [in progress] TLS 1.3 support > > > Now that milestone 1.13 has only 6 days left, is this still in the plan or > are we pushing it to 1.15? There is ba

TLS 1.3

2018-04-11 Thread Frank Liu
https://trac.nginx.org/nginx/roadmap says - [in progress] TLS 1.3 support Now that milestone 1.13 has only 6 days left, is this still in the plan or are we pushing it to 1.15?

Re: Tls 1.3 experimental support?

2016-02-18 Thread Maxim Dounin
Hello! On Thu, Feb 18, 2016 at 07:30:04AM -0800, JimS wrote: > What's the current feature-release plan for TLS 1.3 support in Nginx? > > Will it be added while still in draft status, or only after full release? > > Is it, in any form, on-schedule yet? Support for SSL and

Tls 1.3 experimental support?

2016-02-18 Thread JimS
What's the current feature-release plan for TLS 1.3 support in Nginx? Will it be added while still in draft status, or only after full release? Is it, in any form, on-schedule yet? Thanks, Jim