Re: How to enable TLS 1.3?

Thanks a lot for the help Martijn.

Fingers crossed it will appear soon. Our search engine rankings depend on it!

--Chad

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 30, 2020 4:16 PM, Martijn van Duren <openbsd+misc@list.imperialat.at> wrote:

> If it's not in the manpage it's probably not there.
> I did gave a quick look through the relayd source, but from what I saw
> there's no TLS1.3 support there.
>
> On 4/30/20 3:55 PM, Chad Hoolie wrote:
>
> > Any idea about relayd though? I don't see any mentioning of 1.3 in man relayd.conf:
> > tls
> > no tlsv1.2
> > Disable the TLSv1.2 protocol. The default is to enable
> > TLSv1.2.
> > sslv3 Enable the SSLv3 protocol. The default is no sslv3.
> > tlsv1 Enable all TLSv1 protocols. This is an alias that
> > includes tlsv1.0, tlsv1.1, and tlsv1.2. The default is
> > no tlsv1.
> > tlsv1.0
> > Enable the TLSv1.0 protocol. The default is no tlsv1.0.
> > tlsv1.1
> > Enable the TLSv1.1 protocol. The default is no tlsv1.1.
> > --Chad
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Thursday, April 30, 2020 3:04 PM, Martijn van Duren openbsd+misc@list.imperialat.at wrote:
> >
> > > On 4/30/20 1:19 PM, Chad Hoolie wrote:
> > >
> > > > Hello,
> > > > I'm using httpd with acme-client and Let's Encrypt (https://www.romanzolotarev.com/openbsd/acme-client.html).
> > > > This setup, however, only seems to support TLS 1.2, whereas TLS 1.3 is needed to achieve A+ ratings across the board.
> > > > Anybody know how to make the upgrade?
> > > > --Chad
> > >
> > > httpd(8):
> > > protocols string Specify the TLS protocols to enable for this server.
> > > If not specified, the value "default" will be used (secure protocols;
> > > TLSv1.2-only). Refer to the tls_config_parse_protocols(3) function for
> > > other valid protocol string values.
> > > tls_config_parse_protocols(3):
> > > Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all
> > > supported protocols),
> > > untested, but seems pretty self-explanatory.