On 2020-04-30 13:55, Chad Hoolie wrote:
> Any idea about relayd though? I don't see any mentioning of 1.3 in man
> relayd.conf:
I'm not a dev, but TLS 1.3 dropped RSA and I think requires ECDSA key support that relayd currently lacks. Although httpd was originally based on relayd, I assume the code is different here because of relayd's more complex TLS interception and acceleration abilities. Pound and nginx may be alternatives, but they likely won't protect the key so well if an exploit is found.