[matt at openssl.org: Re: [openssl-users] openssl 1.0.2 and TLS 1.3]
Julien ÉLIE
julien at trigofacile.com
Sun Nov 11 14:30:35 UTC 2018
Hi all,
> *) Added a new API for TLSv1.3 ciphersuites:
> SSL_CTX_set_ciphersuites()
> SSL_set_ciphersuites()
>
> => Ah, this breaks the use of the "tlsciphers" parameter in inn.conf! If
> TLS 1.3 is in use, the parameter will not be taken into account.
Now fixed, and will be shipped with INN 2.6.3.
https://inn.eyrie.org/trac/changeset/10300
* A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
--
Julien ÉLIE
« Apices iuris non sunt iura. »
More information about the inn-workers
mailing list