From b501f059761b44d4c5568916a6e8fcea0c39dd05 Mon Sep 17 00:00:00 2001
From: Wonderfall
Date: Tue, 8 Aug 2017 17:59:53 +0200
Subject: [PATCH] boring-nginx: enable TLS 1.3 again
---
 boring-nginx/Dockerfile | 3 +++
 boring-nginx/rootfs/etc/nginx/conf/ssl_params | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile
index 0f429bd..e1960b9 100644
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@@ -76,6 +76,9 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
 # BoringSSL
 && git clone https://boringssl.googlesource.com/boringssl --depth=1 \
 && cd boringssl \
+ && sed -i 's@out \([>=]\) TLS1_2_VERSION@out \1 TLS1_3_VERSION@' ssl/ssl_lib.cc \
+ && sed -i 's@ssl->version[ ]*=[ ]*TLS1_2_VERSION@ssl->version = TLS1_3_VERSION@' ssl/s3_lib.cc \
+ && sed -i 's@(SSL3_VERSION, TLS1_2_VERSION@(SSL3_VERSION, TLS1_3_VERSION@' ssl/ssl_test.cc \
 && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \
 && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \
 && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \
diff --git a/boring-nginx/rootfs/etc/nginx/conf/ssl_params b/boring-nginx/rootfs/etc/nginx/conf/ssl_params
index c24ea08..7647358 100644
--- a/boring-nginx/rootfs/etc/nginx/conf/ssl_params
+++ b/boring-nginx/rootfs/etc/nginx/conf/ssl_params
@@ -1,4 +1,4 @@
-ssl_protocols TLSv1.2;
+ssl_protocols TLSv1.3 TLSv1.2;
 ssl_ecdh_curve X25519:P-521:P-384;
 ssl_ciphers [EECDH+CHACHA20|EECDH+AESGCM];
 ssl_prefer_server_ciphers on;
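Review bot: The three added `sed -i` lines in the Dockerfile hunk exit 0 even when their pattern matches nothing, and they run against an unpinned `--depth=1` clone of BoringSSL HEAD, so an upstream change to `ssl/ssl_lib.cc` or `ssl/s3_lib.cc` would produce an image that builds cleanly but silently lacks the TLS 1.3 change, or rewrites a different line than intended. Guard each substitution so the build fails when the target is missing, e.g. `&& grep -q 'ssl->version[ ]*=[ ]*TLS1_2_VERSION' ssl/s3_lib.cc \` before the matching sed, and consider building from a fixed, reviewed commit rather than HEAD. Raising the library's maximum protocol version by text substitution presumably overrides a default that upstream set deliberately, so a comment recording why and which BoringSSL revision it was tested against would help the next maintainer. The RUN instruction begins and continues outside this hunk.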
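Review bot: The new `ssl_protocols TLSv1.3 TLSv1.2;` line in ssl_params has no comment tying it to the source-patched BoringSSL build, yet nginx only offers TLSv1.3 when the linked library supports it, so a build where the Dockerfile patches did not apply would quietly serve TLSv1.2 only. I would add a comment above it such as `# TLSv1.3 depends on the patched BoringSSL built in the Dockerfile; verify with a handshake test after each rebuild`. As far as I know the `ssl_ciphers` line below does not select TLS 1.3 cipher suites in BoringSSL, so it is worth noting there that it is expected to constrain TLSv1.2 only.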