hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

boring-nginx: enable TLS 1.3 again

Browse Source
This commit is contained in:
Wonderfall 2017-08-08 17:59:53 +02:00
parent 22279350f7
commit b501f05976
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
boring-nginx/Dockerfile
View File

@ -76,6 +76,9 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
# BoringSSL # BoringSSL
&& git clone https://boringssl.googlesource.com/boringssl --depth=1 \ && git clone https://boringssl.googlesource.com/boringssl --depth=1 \
&& cd boringssl \ && cd boringssl \
&& sed -i 's@out \([>=]\) TLS1_2_VERSION@out \1 TLS1_3_VERSION@' ssl/ssl_lib.cc \
&& sed -i 's@ssl->version[ ]*=[ ]*TLS1_2_VERSION@ssl->version = TLS1_3_VERSION@' ssl/s3_lib.cc \
&& sed -i 's@(SSL3_VERSION, TLS1_2_VERSION@(SSL3_VERSION, TLS1_3_VERSION@' ssl/ssl_test.cc \
&& sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \ && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \
&& sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \ && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \
&& sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \ && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \

2
boring-nginx/rootfs/etc/nginx/conf/ssl_params
View File

@ -1,4 +1,4 @@
ssl_protocols TLSv1.2; ssl_protocols TLSv1.3 TLSv1.2;
ssl_ecdh_curve X25519:P-521:P-384; ssl_ecdh_curve X25519:P-521:P-384;
ssl_ciphers [EECDH+CHACHA20|EECDH+AESGCM]; ssl_ciphers [EECDH+CHACHA20|EECDH+AESGCM];
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;