If it's not in the manpage it's probably not there. I did gave a quick look through the relayd source, but from what I saw there's no TLS1.3 support there.
On 4/30/20 3:55 PM, Chad Hoolie wrote: > Any idea about relayd though? I don't see any mentioning of 1.3 in man > relayd.conf: > > tls > no tlsv1.2 > Disable the TLSv1.2 protocol. The default is to enable > TLSv1.2. > > sslv3 Enable the SSLv3 protocol. The default is no sslv3. > > tlsv1 Enable all TLSv1 protocols. This is an alias that > includes tlsv1.0, tlsv1.1, and tlsv1.2. The default is > no tlsv1. > > tlsv1.0 > Enable the TLSv1.0 protocol. The default is no tlsv1.0. > > tlsv1.1 > Enable the TLSv1.1 protocol. The default is no tlsv1.1. > > --Chad > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Thursday, April 30, 2020 3:04 PM, Martijn van Duren > <openbsd+m...@list.imperialat.at> wrote: > >> On 4/30/20 1:19 PM, Chad Hoolie wrote: >> >>> Hello, >>> I'm using httpd with acme-client and Let's Encrypt >>> (https://www.romanzolotarev.com/openbsd/acme-client.html). >>> This setup, however, only seems to support TLS 1.2, whereas TLS 1.3 is >>> needed to achieve A+ ratings across the board. >>> Anybody know how to make the upgrade? >>> --Chad >> >> httpd(8): >> protocols string Specify the TLS protocols to enable for this server. >> If not specified, the value "default" will be used (secure protocols; >> TLSv1.2-only). Refer to the tls_config_parse_protocols(3) function for >> other valid protocol string values. >> >> tls_config_parse_protocols(3): >> Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all >> supported protocols), >> >> untested, but seems pretty self-explanatory. > >
