Thursday, April 30, 2020

Re: How to enable TLS 1.3?

Any idea about relayd though? I don't see any mentioning of 1.3 in man relayd.conf:

     tls
             no tlsv1.2
                     Disable the TLSv1.2 protocol. The default is to enable
                     TLSv1.2.

             sslv3   Enable the SSLv3 protocol. The default is no sslv3.

             tlsv1   Enable all TLSv1 protocols. This is an alias that
                     includes tlsv1.0, tlsv1.1, and tlsv1.2. The default is
                     no tlsv1.

             tlsv1.0
                     Enable the TLSv1.0 protocol. The default is no tlsv1.0.

             tlsv1.1
                     Enable the TLSv1.1 protocol. The default is no tlsv1.1.

--Chad

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 30, 2020 3:04 PM, Martijn van Duren <openbsd+misc@list.imperialat.at> wrote:

> On 4/30/20 1:19 PM, Chad Hoolie wrote:
>
> > Hello,
> > I'm using httpd with acme-client and Let's Encrypt (https://www.romanzolotarev.com/openbsd/acme-client.html).
> > This setup, however, only seems to support TLS 1.2, whereas TLS 1.3 is needed to achieve A+ ratings across the board.
> > Anybody know how to make the upgrade?
> > --Chad
>
> httpd(8):
> protocols string Specify the TLS protocols to enable for this server.
> If not specified, the value "default" will be used (secure protocols;
> TLSv1.2-only). Refer to the tls_config_parse_protocols(3) function for
> other valid protocol string values.
>
> tls_config_parse_protocols(3):
> Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all
> supported protocols),
>
> untested, but seems pretty self-explanatory.
