Re: [PATCH] QUIC: removed TLSv1.3 requirement from README

Tue, 11 Apr 2023 07:30:00 -0700 

Hi,

On Mon, Apr 10, 2023 at 02:11:44PM -0700, Maxim Konovalov wrote:
> On 10.04.2023 04:47, Roman Arutyunyan wrote:
> > # HG changeset patch
> > # User Roman Arutyunyan <a...@nginx.com>
> > # Date 1681127095 -14400
> > #      Mon Apr 10 15:44:55 2023 +0400
> > # Branch quic
> > # Node ID b14b0c9887fbf22e24bd0d0449a261ced466f78c
> > # Parent  9ea62b6250f225578f703da5e230853a7a84df7d
> > QUIC: removed TLSv1.3 requirement from README.
> > 
> > TLSv1.3 is enabled by default since d1cf09451ae8.
> > 
> > diff --git a/README b/README
> > --- a/README
> > +++ b/README
> > @@ -119,10 +119,6 @@ 3. Configuration
> >           ssl_early_data on;
> > -    Make sure that TLS 1.3 is configured which is required for QUIC:
> > -
> > -        ssl_protocols TLSv1.3;
> > -
> >       To enable GSO (Generic Segmentation Offloading):
> [...]
> 
> Well, TLSv1.3 is still required.  You just don't need to add it to the list
> of ssl_protocols.  I would remove it from the config example but keep a note
> that QUIC relies on TLSv1.3.

We can keep a note, but I'd like to avoid the directive following the note.

--
Roman Arutyunyan

# HG changeset patch
# User Roman Arutyunyan <a...@nginx.com>
# Date 1681223360 -14400
#      Tue Apr 11 18:29:20 2023 +0400
# Branch quic
# Node ID 8347620e0e762c5dea99247dc70fbbffd0c6b175
# Parent  9ea62b6250f225578f703da5e230853a7a84df7d
README: revised TLSv1.3 requirement for QUIC.

TLSv1.3 is enabled by default since d1cf09451ae8.

diff --git a/README b/README
--- a/README
+++ b/README
@@ -119,10 +119,6 @@ 3. Configuration
 
         ssl_early_data on;
 
-    Make sure that TLS 1.3 is configured which is required for QUIC:
-
-        ssl_protocols TLSv1.3;
-
     To enable GSO (Generic Segmentation Offloading):
 
         quic_gso on;
@@ -135,6 +131,8 @@ 3. Configuration
 
         quic_host_key <filename>;
 
+    QUIC requires TLSv1.3 protocol, which is enabled by the default
+    by "ssl_protocols" directive.
 
     By default, GSO Linux-specific optimization [10] is disabled.
     Enable it in case a corresponding network interface is configured to
@@ -175,7 +173,6 @@ Example configuration:
 
             ssl_certificate     certs/example.com.crt;
             ssl_certificate_key certs/example.com.key;
-            ssl_protocols       TLSv1.3;
 
             location / {
                 # required for browsers to direct them into quic port

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply via email to