> On Sep 4, 2020, at 9:07 PM, Theo Buehler <t...@theobuehler.org> wrote:
>
> On Fri, Sep 04, 2020 at 08:48:48PM -0700, na...@airpost.net wrote:
>> This is TLS v1.2 & 1.3 now. Delete it here, since the referenced man page is
>> updated.
>
> Thanks, I'm ok with this diff. I had the diff below in my tree for a
> long time (I think it was prompted by a question of tj). I did mention
> the defaults since the other tls options (except client ca) do:
>
> Index: httpd.conf.5
> ===================================================================
> RCS file: /var/cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.112
> diff -u -p -r1.112 httpd.conf.5
> --- httpd.conf.5 24 Aug 2020 15:49:10 -0000 1.112
> +++ httpd.conf.5 26 Aug 2020 06:41:31 -0000
> @@ -649,12 +649,10 @@ is empty, OCSP stapling will not be used
> The default is to not use OCSP stapling.
> .It Ic protocols Ar string
> Specify the TLS protocols to enable for this server.
> -If not specified, the value
> -.Qq default
> -will be used (secure protocols; TLSv1.2-only).
> Refer to the
> .Xr tls_config_parse_protocols 3
> -function for other valid protocol string values.
> +function for valid protocol string values.
> +By default, TLSv1.3 and TLSv1.2 will be used.
> .It Ic ticket lifetime Ar seconds
> Enable TLS session tickets with a
> .Ar seconds
You’re right about the other options listing their defaults. Good to keep it
consistent, I’d go with your diff.
