Merge pull request #56233 from jtojnar/nginx-tlsv13
nixos/nginx: Enable TLS 1.3 support
This commit is contained in:
commit
768336a74b
3 changed files with 7 additions and 2 deletions
|
@ -677,6 +677,9 @@
|
|||
This may break some older applications that still rely on those symbols.
|
||||
An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
|
||||
</para>
|
||||
<para>
|
||||
The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
|
|
|
@ -491,8 +491,8 @@ in
|
|||
|
||||
sslProtocols = mkOption {
|
||||
type = types.str;
|
||||
default = "TLSv1.2";
|
||||
example = "TLSv1 TLSv1.1 TLSv1.2";
|
||||
default = "TLSv1.2 TLSv1.3";
|
||||
example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
|
||||
description = "Allowed TLS protocol versions.";
|
||||
};
|
||||
|
||||
|
|
|
@ -13734,12 +13734,14 @@ in
|
|||
# We don't use `with` statement here on purpose!
|
||||
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
|
||||
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
|
||||
openssl = openssl_1_1;
|
||||
};
|
||||
|
||||
nginxMainline = callPackage ../servers/http/nginx/mainline.nix {
|
||||
# We don't use `with` statement here on purpose!
|
||||
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
|
||||
modules = [ nginxModules.dav nginxModules.moreheaders ];
|
||||
openssl = openssl_1_1;
|
||||
};
|
||||
|
||||
nginxModules = callPackage ../servers/http/nginx/modules.nix { };
|
||||
|
|
Loading…
Reference in a new issue