Skip to content

Commit 7b24b93

Browse files
committed
SSL: enabled TLSv1.3 by default.
1 parent 2ca4355 commit 7b24b93

7 files changed

+21
-14
lines changed

src/http/modules/ngx_http_grpc_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -4473,8 +4473,9 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
44734473
prev->upstream.ssl_session_reuse, 1);
44744474

44754475
ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
4476-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
4477-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
4476+
(NGX_CONF_BITMASK_SET
4477+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
4478+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
44784479

44794480
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
44804481
"DEFAULT");

src/http/modules/ngx_http_proxy_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -3734,8 +3734,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
37343734
prev->upstream.ssl_session_reuse, 1);
37353735

37363736
ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
3737-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
3738-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
3737+
(NGX_CONF_BITMASK_SET
3738+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
3739+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
37393740

37403741
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
37413742
"DEFAULT");

src/http/modules/ngx_http_ssl_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -632,8 +632,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
632632
ngx_conf_merge_value(conf->reject_handshake, prev->reject_handshake, 0);
633633

634634
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
635-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
636-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
635+
(NGX_CONF_BITMASK_SET
636+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
637+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
637638

638639
ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
639640
NGX_SSL_BUFSIZE);

src/http/modules/ngx_http_uwsgi_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -1875,8 +1875,9 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
18751875
prev->upstream.ssl_session_reuse, 1);
18761876

18771877
ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
1878-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
1879-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
1878+
(NGX_CONF_BITMASK_SET
1879+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
1880+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
18801881

18811882
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
18821883
"DEFAULT");

src/mail/ngx_mail_ssl_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -360,8 +360,9 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
360360
prev->prefer_server_ciphers, 0);
361361

362362
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
363-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
364-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
363+
(NGX_CONF_BITMASK_SET
364+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
365+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
365366

366367
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
367368
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);

src/stream/ngx_stream_proxy_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -2163,8 +2163,9 @@ ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
21632163
prev->ssl_session_reuse, 1);
21642164

21652165
ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
2166-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
2167-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
2166+
(NGX_CONF_BITMASK_SET
2167+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
2168+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
21682169

21692170
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT");
21702171

src/stream/ngx_stream_ssl_module.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -703,8 +703,9 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
703703
prev->prefer_server_ciphers, 0);
704704

705705
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
706-
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
707-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
706+
(NGX_CONF_BITMASK_SET
707+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
708+
|NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3));
708709

709710
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
710711
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);

0 commit comments

Comments
 (0)