On Thu, September 3, 2020 2:18 pm, Parker Ellertson wrote:
> According to my understanding of the manpages (specifically
> httpd.conf(5) and tls_config_set_protocols(3)), setting up TLSv1.3
> should be just as easy as adding:
>
> tls {
> protocols "TLS_PROTOCOL_TLSv1_3"
> }
>
> to the appropriate server in /etc/httpd.conf . But when I do this,
> httpd(8) doesn't come up. Clearly I'm not setting the right variable,
> but what is that variable to set?
>
> - Parker
>
You've used an ENUM for tls_config_set_protocols(), the httpd.conf(5)
manpage said to look at tls_config_parse_protocols(), that section of the
manpage says:
The protocol string is a comma or colon separated list of keywords.
Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported
protocols), default (an alias for secure), legacy (an alias for all) and
secure (currently TLSv1.2 and TLSv1.3).
Takes a little bit of careful reading, but that's what's documented.
