On Sun, Oct 18, 2020 at 11:30:02AM +0200, Renaud Allard wrote: > Hello, > > I have upgraded a machine to 6.8 and I saw that nginx doesn't support > TLS1.3. Is it supposed to be that way? That's the only daemon I use which > doesn't seem to support TLS1.3.
Yes, this is expected. nginx uses its own logic for handling the TLS version ranges it supports. While it could relatively easily be patched to use TLSv1.3 with LibreSSL, no one has done and tested this, so it will have to wait for the OpenBSD 6.9. (It will start using TLSv1.3 without patching once LibreSSL publicly exposes some of OpenSSL's TLSv1.3 API. This should happen relatively soon in -current). > > Best Regards >
