On 18/10/20 11:40 +0200, Theo Buehler wrote:
> On Sun, Oct 18, 2020 at 11:30:02AM +0200, Renaud Allard wrote:
> > Hello,
> >
> > I have upgraded a machine to 6.8 and I saw that nginx doesn't support
> > TLS1.3. Is it supposed to be that way? That's the only daemon I use which
> > doesn't seem to support TLS1.3.
>
> Yes, this is expected. nginx uses its own logic for handling the TLS
> version ranges it supports. While it could relatively easily be patched
> to use TLSv1.3 with LibreSSL, no one has done and tested this, so it
> will have to wait for the OpenBSD 6.9.
>
> (It will start using TLSv1.3 without patching once LibreSSL publicly
> exposes some of OpenSSL's TLSv1.3 API. This should happen relatively
> soon in -current).
You can try this:
cvs server: Diffing .
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/nginx/Makefile,v
retrieving revision 1.145
diff -u -p -u -r1.145 Makefile
--- Makefile 27 Jul 2020 14:33:15 -0000 1.145
+++ Makefile 18 Oct 2020 10:22:47 -0000
@@ -21,7 +21,7 @@ VERSION= 1.18.0
DISTNAME= nginx-${VERSION}
CATEGORIES= www
-REVISION-main= 0
+REVISION-main= 1
REVISION-xslt= 0
VERSION-rtmp= 1.2.1
@@ -122,6 +122,8 @@ SUBST_VARS= NGINX_DIR
.for i in ${MODULE_PACKAGES}
PREFIX$i= ${NGINX_DIR}/modules
.endfor
+
+CFLAGS+= -DTLS1_3_VERSION=0x0304
CFLAGS+= -Wall -Wpointer-arith \
-I "${LOCALBASE}/include/libxml2" \
