The official NGINX Open Source repository.

Maxim Dounin 9f30fda1c2 SSL: enabled TLSv1.3 with BoringSSL. ... BoringSSL currently requires SSL_CTX_set_max_proto_version(TLS1_3_VERSION) to be able to enable TLS 1.3. This is because by default max protocol version is set to TLS 1.2, and the SSL_OP_NO_* options are merely used as a blacklist within the version range specified using the SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() functions. With this change, we now call SSL_CTX_set_max_proto_version() with an explicit maximum version set. This enables TLS 1.3 with BoringSSL. As a side effect, this change also limits maximum protocol version to the newest protocol we know about, TLS 1.3. This seems to be a good change, as enabling unknown protocols might have unexpected results. Additionally, we now explicitly call SSL_CTX_set_min_proto_version() with 0. This is expected to help with Debian system-wide default of MinProtocol set to TLSv1.2, see http://mailman.nginx.org/pipermail/nginx-ru/2017-October/060411.html. Note that there is no SSL_CTX_set_min_proto_version macro in BoringSSL, so we call SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() as long as the TLS1_3_VERSION macro is defined.		2018-08-07 02:15:28 +03:00
auto	Configure: fixed compiler warnings with "-Wall -Wextra".	2018-07-24 18:46:54 +03:00
conf	MIME: added font/woff2 type (ticket #1243).	2018-06-15 17:29:55 +03:00
contrib	Contrib: vim syntax, update core and 3rd party module directives.	2018-03-18 11:11:14 +02:00
docs	nginx-1.15.2-RELEASE	2018-07-24 16:10:59 +03:00
misc	Updated OpenSSL and PCRE used for win32 builds.	2018-04-03 03:54:09 +03:00
src	SSL: enabled TLSv1.3 with BoringSSL.	2018-08-07 02:15:28 +03:00
.hgtags	release-1.15.2 tag	2018-07-24 16:11:00 +03:00