Merge pull request #56233 from jtojnar/nginx-tlsv13

nixos/nginx: Enable TLS 1.3 support
Andreas Rammhold 2019-03-03 14:19:38 +01:00 committed by GitHub
commit 768336a74b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 2 deletions


@ -677,6 +677,9 @@
This may break some older applications that still rely on those symbols.
An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
</para>
<para>
The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
</para>
</listitem>
<listitem>
<para>


@ -491,8 +491,8 @@ in
sslProtocols = mkOption {
type = types.str;
default = "TLSv1.2";
example = "TLSv1 TLSv1.1 TLSv1.2";
default = "TLSv1.2 TLSv1.3";
example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
description = "Allowed TLS protocol versions.";
};
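Review bot: The new default `"TLSv1.2 TLSv1.3"` only takes effect when the nginx in use is linked against an OpenSSL that implements TLS 1.3 (1.1.1 or later), and nothing in the option text says so. A user-supplied nginx package built against an older OpenSSL would presumably not offer TLS 1.3 even though the generated configuration lists it. The description could state the requirement: `description = "Allowed TLS protocol versions. TLSv1.3 requires nginx built against OpenSSL 1.1.1 or newer.";`. Separately, the example still lists `TLSv1 TLSv1.1`, and examples tend to be copied verbatim, so an example restricted to current versions, e.g. `example = "TLSv1.3";`, would show the syntax without suggesting the legacy protocols.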


@ -13734,12 +13734,14 @@ in
# We don't use `with` statement here on purpose!
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
openssl = openssl_1_1;
};
nginxMainline = callPackage ../servers/http/nginx/mainline.nix {
# We don't use `with` statement here on purpose!
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
modules = [ nginxModules.dav nginxModules.moreheaders ];
openssl = openssl_1_1;
};
nginxModules = callPackage ../servers/http/nginx/modules.nix { };
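Review bot: Neither `openssl = openssl_1_1;` override has a comment explaining why nginx departs from the default OpenSSL, so a later cleanup could drop them and silently lose TLS 1.3 while the module default still lists it. A line above each override would record the intent, for example `# TLS 1.3 needs OpenSSL 1.1.1+; drop this override once the default openssl provides it`. The first stanza's opening `callPackage` line is outside the hunk, and only these two stanzas are visible. Any other nginx-derived package defined elsewhere in the file should be checked for the same override, so that every package the service can run matches the new default.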