> On 9 Jun 2023, at 11:12, Roman Arutyunyan <a...@nginx.com> wrote:
>
> Patches 1 & 2 do minor cleanup in encryption code.
>
> Patch 3 adds TLS_AES_128_CCM_SHA256 support to QUIC, which currently is the
> only cipher suite not supported by nginx QUIC implementation. It's disabled
> by default in OpenSSL and can be enabled by the following directive:
>
> ssl_conf_command Ciphersuites TLS_AES_128_CCM_SHA256;

Note that it is disabled in Chrome and Firefox, further limiting its use.
https://www.ssllabs.com/ssltest/viewClient.html?name=Firefox&version=73
https://www.ssllabs.com/ssltest/viewClient.html?name=Chrome&version=80
(same for FF 114 and Chrome 114 latest versions).

It appears to be enabled though in RHEL and derivatives:
https://www.redhat.com/en/blog/transport-layer-security-version-13-red-hat-enterprise-linux-8

/etc/crypto-policies/back-ends/opensslcnf.config:
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256

--
Sergey Kandaurov
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel