diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2019-03-03 14:19:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-03 14:19:38 +0100 |
commit | 768336a74b95f24c7b33daf8905bd822be03c78e (patch) | |
tree | 362f4a1148e065dd75443c088efb1b18f15607c5 /nixos | |
parent | 20b066356a802d6b762bc7f7111ded849b3c8431 (diff) | |
parent | f93ff28c627c0f9198be88dcd605078e059bd24a (diff) | |
download | nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.gz nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.bz2 nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.lz nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.xz nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.tar.zst nixlib-768336a74b95f24c7b33daf8905bd822be03c78e.zip |
Merge pull request #56233 from jtojnar/nginx-tlsv13
nixos/nginx: Enable TLS 1.3 support
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1903.xml | 3 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index 267bd9d04704..bccd6bce4edd 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -677,6 +677,9 @@ This may break some older applications that still rely on those symbols. An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>. </para> + <para> + The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>. + </para> </listitem> <listitem> <para> diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index f688bec1426d..8474926d1790 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -491,8 +491,8 @@ in sslProtocols = mkOption { type = types.str; - default = "TLSv1.2"; - example = "TLSv1 TLSv1.1 TLSv1.2"; + default = "TLSv1.2 TLSv1.3"; + example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"; description = "Allowed TLS protocol versions."; }; |