On Fri, Sep 04, 2020 at 08:48:48PM -0700, na...@airpost.net wrote: > This is TLS v1.2 & 1.3 now. Delete it here, since the referenced man page is > updated.
Thanks, I'm ok with this diff. I had the diff below in my tree for a long time (I think it was prompted by a question of tj). I did mention the defaults since the other tls options (except client ca) do: Index: httpd.conf.5 =================================================================== RCS file: /var/cvs/src/usr.sbin/httpd/httpd.conf.5,v retrieving revision 1.112 diff -u -p -r1.112 httpd.conf.5 --- httpd.conf.5 24 Aug 2020 15:49:10 -0000 1.112 +++ httpd.conf.5 26 Aug 2020 06:41:31 -0000 @@ -649,12 +649,10 @@ is empty, OCSP stapling will not be used The default is to not use OCSP stapling. .It Ic protocols Ar string Specify the TLS protocols to enable for this server. -If not specified, the value -.Qq default -will be used (secure protocols; TLSv1.2-only). Refer to the .Xr tls_config_parse_protocols 3 -function for other valid protocol string values. +function for valid protocol string values. +By default, TLSv1.3 and TLSv1.2 will be used. .It Ic ticket lifetime Ar seconds Enable TLS session tickets with a .Ar seconds
