nixos/nginx: Enable TLS 1.3 support

2019-02-23 09:43:36 +01:00 · 2019-02-23 09:43:36 +01:00 · f93ff28c62
commit f93ff28c62
parent 051e85296a
2 changed files with 5 additions and 2 deletions
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@ -645,6 +645,9 @@
       This may break some older applications that still rely on those symbols.
       An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
     </para>
+    <para>
+     The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
+    </para>
   </listitem>
  </itemizedlist>
 </section>
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -479,8 +479,8 @@ in

      sslProtocols = mkOption {
        type = types.str;
-        default = "TLSv1.2";
-        example = "TLSv1 TLSv1.1 TLSv1.2";
+        default = "TLSv1.2 TLSv1.3";
+        example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
        description = "Allowed TLS protocol versions.";
      };