Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support of OpenSSL 1.1.1 and TLS v1.3
OpenSSL 1.1.1 was released on 11 September 2018. This is the latest LTS (Long Term Support) release, supported until September 2023. The headline new feature of OpenSSL 1.1.1 is TLSv1.3. This new version of the Transport Layer Security (formerly known as SSL) protocol was published by the IETF as RFC8446. This is a major rewrite of the standard and introduces significant changes, features and improvements which have been reflected in the new OpenSSL version. Main changes to be considered by Cherokee webserver: - Fully compliant implementation of TLSv1.3 (RFC8446) on by default - Support for all five new RFC8446 ciphersuites (TLS v1.3) - Full support of minimum and maximum available TLS protocol version configuration Recently OS distribution maintainers have started to improve OpenSSL security by hardcoded configuration of the min. available TLS protocol version for clients that want to connect to a server using TLS encryption. Cherokee command-line option cherokee -i now reports this hardcoded setting to users. Fixes: cherokee#1256 Signed-off-by: Thomas Reim <reimth@gmail.com>
- Loading branch information