Thursday, April 30, 2020

Re: How to enable TLS 1.3?

On 4/30/20 1:19 PM, Chad Hoolie wrote:
> Hello,
>
> I'm using httpd with acme-client and Let's Encrypt (https://www.romanzolotarev.com/openbsd/acme-client.html).
>
> This setup, however, only seems to support TLS 1.2, whereas TLS 1.3 is needed to achieve A+ ratings across the board.
>
> Anybody know how to make the upgrade?
>
> --Chad
>
httpd(8):
protocols string Specify the TLS protocols to enable for this server.
If not specified, the value "default" will be used (secure protocols;
TLSv1.2-only). Refer to the tls_config_parse_protocols(3) function for
other valid protocol string values.


tls_config_parse_protocols(3):
Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all
supported protocols),

untested, but seems pretty self-explanatory.

No comments:

Post a Comment