Merge pull request #56233 from jtojnar/nginx-tlsv13

nixos/nginx: Enable TLS 1.3 support
author: Andreas Rammhold <andreas@rammhold.de> 2019-03-03 14:19:38 +0100
committer: GitHub <noreply@github.com> 2019-03-03 14:19:38 +0100
commit: 768336a74b95f24c7b33daf8905bd822be03c78e (patch)
tree: 362f4a1148e065dd75443c088efb1b18f15607c5 /nixos
parent: 20b066356a802d6b762bc7f7111ded849b3c8431 (diff)
parent: f93ff28c627c0f9198be88dcd605078e059bd24a (diff)
download: nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar
nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.gz
nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.bz2
nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.lz
nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.xz
nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.zst
nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.zip
2 files changed, 5 insertions, 2 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 267bd9d04704..bccd6bce4edd 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -677,6 +677,9 @@
        This may break some older applications that still rely on those symbols.
        An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
      </para>
+    <para>
+     The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
+    </para>
    </listitem>
    <listitem>
      <para>
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index f688bec1426d..8474926d1790 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -491,8 +491,8 @@ in
 
       sslProtocols = mkOption {
         type = types.str;
-        default = "TLSv1.2";
-        example = "TLSv1 TLSv1.1 TLSv1.2";
+        default = "TLSv1.2 TLSv1.3";
+        example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
         description = "Allowed TLS protocol versions.";
       };
author	Andreas Rammhold <andreas@rammhold.de>	2019-03-03 14:19:38 +0100
committer	GitHub <noreply@github.com>	2019-03-03 14:19:38 +0100
commit	768336a74b95f24c7b33daf8905bd822be03c78e (patch)
tree	362f4a1148e065dd75443c088efb1b18f15607c5 /nixos
parent	20b066356a802d6b762bc7f7111ded849b3c8431 (diff)
parent	f93ff28c627c0f9198be88dcd605078e059bd24a (diff)
download	nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.gz nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.bz2 nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.lz nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.xz nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.zst nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.zip