boring-nginx: enable TLS 1.3 again

2025-04-20 04:19:18 +00:00 · 2017-08-08 17:59:53 +02:00 · 2017-08-08 17:59:53 +02:00 · b501f05976
commit b501f05976
parent 22279350f7
2 changed files with 4 additions and 1 deletions
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@ -76,6 +76,9 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
 # BoringSSL
 && git clone https://boringssl.googlesource.com/boringssl --depth=1 \
 && cd boringssl \
+ && sed -i 's@out \([>=]\) TLS1_2_VERSION@out \1 TLS1_3_VERSION@' ssl/ssl_lib.cc \
+ && sed -i 's@ssl->version[ ]*=[ ]*TLS1_2_VERSION@ssl->version = TLS1_3_VERSION@' ssl/s3_lib.cc \
+ && sed -i 's@(SSL3_VERSION, TLS1_2_VERSION@(SSL3_VERSION, TLS1_3_VERSION@' ssl/ssl_test.cc \
 && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \
 && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \
 && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \
--- a/boring-nginx/rootfs/etc/nginx/conf/ssl_params
+++ b/boring-nginx/rootfs/etc/nginx/conf/ssl_params
@ -1,4 +1,4 @@
-ssl_protocols TLSv1.2;
+ssl_protocols TLSv1.3 TLSv1.2;
 ssl_ecdh_curve X25519:P-521:P-384;
 ssl_ciphers [EECDH+CHACHA20|EECDH+AESGCM];
 ssl_prefer_server_ciphers on;