[matt at openssl.org: Re: [openssl-users] openssl 1.0.2 and TLS 1.3]

Julien ÉLIE julien at trigofacile.com
Sun Nov 11 14:30:35 UTC 2018


Hi all,

>    *) Added a new API for TLSv1.3 ciphersuites:
>          SSL_CTX_set_ciphersuites()
>          SSL_set_ciphersuites()
> 
> => Ah, this breaks the use of the "tlsciphers" parameter in inn.conf! If 
> TLS 1.3 is in use, the parameter will not be taken into account.

Now fixed, and will be shipped with INN 2.6.3.
  https://inn.eyrie.org/trac/changeset/10300

    * A new inn.conf parameter has been added to fine-tune the cipher suites
      to use with TLS 1.3:  the *tlsciphers13* now permits configuring them.
      A separate cipher suite configuration parameter is needed for TLS 1.3
      because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
      vice-versa.  In order to avoid issues where legacy TLS 1.2 cipher
      suite configuration configured in the *tlsciphers* parameter would
      inadvertently disable all TLS 1.3 cipher suites, the inn.conf
      configuration has been separated out.

-- 
Julien ÉLIE

« Apices iuris non sunt iura. »


More information about the inn-workers mailing list