Having trouble enabling TLSv1.3 on httpd(8)


Having trouble enabling TLSv1.3 on httpd(8)

Parker Ellertson
According to my understanding of the manpages (specifically
httpd.conf(5) and tls_config_set_protocols(3)), setting up TLSv1.3
should be just as easy as adding:

        tls {
                protocols "TLS_PROTOCOL_TLSv1_3"
        }

to the appropriate server in /etc/httpd.conf .  But when I do this,
httpd(8) doesn't come up.  Clearly I'm not setting the right variable,
but what is that variable to set?

- Parker


Re: Having trouble enabling TLSv1.3 on httpd(8)

trondd-2
On Thu, September 3, 2020 2:18 pm, Parker Ellertson wrote:

> According to my understanding of the manpages (specifically
> httpd.conf(5) and tls_config_set_protocols(3)), setting up TLSv1.3
> should be just as easy as adding:
>
>         tls {
>                 protocols "TLS_PROTOCOL_TLSv1_3"
>         }
>
> to the appropriate server in /etc/httpd.conf .  But when I do this,
> httpd(8) doesn't come up.  Clearly I'm not setting the right variable,
> but what is that variable to set?
>
> - Parker
>

You've used an ENUM for tls_config_set_protocols(). The httpd.conf(5)
manpage said to look at tls_config_parse_protocols(); that section of the
manpage says:

The protocol string is a comma or colon separated list of keywords.
Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported
protocols), default (an alias for secure), legacy (an alias for all) and
secure (currently TLSv1.2 and TLSv1.3).


Takes a little bit of careful reading, but that's what's documented.
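
The keyword grammar quoted in the reply, as an added example (not libtls source and not code from either poster): a small C model showing why the enum name from the question fails to parse while the documented keywords succeed. The helper name model_parse_protocols and the bit values are assumptions of this sketch, and it covers only the comma/colon list and keywords quoted above, matched by exact spelling.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit values are placeholders for this model, not the libtls constants. */
#define P_TLS10  (1u << 0)
#define P_TLS11  (1u << 1)
#define P_TLS12  (1u << 2)
#define P_TLS13  (1u << 3)
#define P_ALL    (P_TLS10 | P_TLS11 | P_TLS12 | P_TLS13)
#define P_SECURE (P_TLS12 | P_TLS13)
/* Keywords exactly as listed in the manpage text quoted in the reply. */
static const struct { const char *kw; uint32_t bits; } keywords[] = {
    { "tlsv1.0", P_TLS10 }, { "tlsv1.1", P_TLS11 },
    { "tlsv1.2", P_TLS12 }, { "tlsv1.3", P_TLS13 },
    { "all", P_ALL },       { "legacy", P_ALL },
    { "default", P_SECURE }, { "secure", P_SECURE },
};

/* Hypothetical helper: 0 and *out set on success, -1 on any unknown keyword. */
int model_parse_protocols(uint32_t *out, const char *str)
{
    const size_t n = sizeof(keywords) / sizeof(keywords[0]);
    uint32_t mask = 0;
    for (const char *p = str;; ) {
        size_t i, len = strcspn(p, ",:");   /* next comma/colon-separated item */
        for (i = 0; i < n; i++)
            if (strlen(keywords[i].kw) == len && !strncmp(p, keywords[i].kw, len))
                break;
        if (i == n)
            return -1;                      /* one bad item rejects the string */
        mask |= keywords[i].bits;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    *out = mask;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: the string from the question, then keywords. */
    const char *samples[] = { "TLS_PROTOCOL_TLSv1_3", "tlsv1.3", "tlsv1.2:tlsv1.3" };
    for (size_t i = 0; i < 3; i++) {
        uint32_t m = 0;
        int rc = model_parse_protocols(&m, samples[i]);
        printf("%-22s -> rc=%d mask=0x%x\n", samples[i], rc, (unsigned)m);
    }
    return 0;
}
```

In httpd.conf terms, the value inside the tls block is one of these keyword strings, e.g. protocols "tlsv1.3", rather than the C enum name.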