[boring-nginx] update Dockerfile

2025-04-19 20:09:16 +00:00 · 2018-04-13 17:32:19 +02:00 · 2018-04-13 17:32:19 +02:00 · 2196a24f96
commit 2196a24f96
parent 6fd18a0633
2 changed files with 4 additions and 6 deletions
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@ -64,12 +64,10 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
 && cd /tmp && git clone https://github.com/openresty/headers-more-nginx-module --depth=1 \
 && git clone https://boringssl.googlesource.com/boringssl --depth=1 \
 && cd boringssl \
- && sed -i 's@out \([>=]\) TLS1_2_VERSION@out \1 TLS1_3_VERSION@' ssl/ssl_lib.cc \
 && sed -i 's@ssl->version[ ]*=[ ]*TLS1_2_VERSION@ssl->version = TLS1_3_VERSION@' ssl/s3_lib.cc \
- && sed -i 's@(SSL3_VERSION, TLS1_2_VERSION@(SSL3_VERSION, TLS1_3_VERSION@' ssl/ssl_test.cc \
- && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \
- && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \
- && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \
+ && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/*/asm/*.pl \
+ && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/*/asm/*.pl \
+ && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/*/asm/*.pl \
 && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release .. \
 && make -j ${NB_CORES} && cd .. \
 && mkdir -p .openssl/lib/ && cd .openssl && ln -s ../include && cd .. \
--- a/boring-nginx/README.md
+++ b/boring-nginx/README.md
@ -9,7 +9,7 @@ This is nginx statically linked against BoringSSL, with embedded Brotli support.
 - Thanks to [Wonderfall](https://github.com/wonderfall/dockerfiles)
 - Based on Alpine Linux.
 - nginx built against **BoringSSL** with SSE/SHA, and AVX2 SIMD-instructions.
- **TLS 1.3** patch : use of TLS 1.3 DRAFT is enforced (haven't found another way yet).
+- **TLS 1.3** enabled
 - Built using hardening gcc flags.
 - Dynamic TLS records patch (cloudflare).
 - TTP/2 (+NPN) support.