authorJan Tojnar <jtojnar@gmail.com>2019-02-23 09:43:36 +0100
committerLinus Heckemann <git@sphalerite.org>2019-02-25 16:47:19 +0100
commitf93ff28c627c0f9198be88dcd605078e059bd24a (patch)
treee2f68d9ed86037cc9f346834ee150a8b26e319a3 /nixos
parent051e85296a2decff508f5810bb131045b7afb6c6 (diff)
nixos/nginx: Enable TLS 1.3 support
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-1903.xml3
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix4
2 files changed, 5 insertions, 2 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 1b99724c6bc7..db77724507d1 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -645,6 +645,9 @@
        This may break some older applications that still rely on those symbols.
        An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
      </para>
+    <para>
+     The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
+    </para>
    </listitem>
   </itemizedlist>
  </section>
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 6c733f093ba8..569ed5a4e256 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -479,8 +479,8 @@ in
 
       sslProtocols = mkOption {
         type = types.str;
-        default = "TLSv1.2";
-        example = "TLSv1 TLSv1.1 TLSv1.2";
+        default = "TLSv1.2 TLSv1.3";
+        example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
         description = "Allowed TLS protocol versions.";
       };
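Review bot: The `example` value on the new side of `sslProtocols` still advertises `TLSv1 TLSv1.1`, and option examples tend to be copied verbatim into configurations, so it steers users toward protocol versions that should no longer be offered. I would show a stricter value instead, e.g. `example = "TLSv1.3";`, and extend the description to state the precondition of the new default: `description = "Allowed TLS protocol versions. TLSv1.3 only takes effect when nginx is built against OpenSSL 1.1.1 or newer.";`. The release note in this commit says "OpenSSL 1.1", so it is worth confirming that the linked library is 1.1.1, because as far as I know nginx does not negotiate TLS 1.3 with older releases. The `mkOption` block is complete in the hunk, but the surrounding options set begins and ends outside it.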