feat: add variable to enable or disable TLS 1.3 for iOS app support #2213

@JanMalte

As the iOS app is currently not supporting TLS 1.3, an option to disable TLS 1.3 on the web server would be good.

As the ssl_protocols nginx setting cannot be overwritten by later occurrences, the default SSL config has to support this.

ssl_protocols TLSv1.2 TLSv1.3;

Maybe something like this:

# protocols
# Mozilla Guideline v5.6, nginx 1.14.2, OpenSSL 1.1.1d, intermediate configuration, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6
{{ if .Env.DISABLE_TLS_V13 | default "0" | toBool }}
ssl_protocols TLSv1.2;
{{ else }}
ssl_protocols TLSv1.2 TLSv1.3;
{{ end }}
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

More information:
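An added example, not part of the original issue or the project's code: it renders the proposed protocol lines with Go's `text/template` for several values of `DISABLE_TLS_V13` to show which `ssl_protocols` line each one produces. The `default` and `toBool` functions here are hypothetical stand-ins, assumed to return the fallback for an empty value and to parse booleans the way `strconv.ParseBool` does; the real template helpers may behave differently.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"text/template"
)

// Constructed copy of the protocol lines proposed in the issue.
const sslTmpl = `{{ if .Env.DISABLE_TLS_V13 | default "0" | toBool }}
ssl_protocols TLSv1.2;
{{ else }}
ssl_protocols TLSv1.2 TLSv1.3;
{{ end }}`
// Hypothetical stand-ins (assumption) for the template engine's helpers.
var funcs = template.FuncMap{
	"default": func(fallback, v string) string {
		if v == "" {
			return fallback
		}
		return v
	},
	"toBool": func(v string) bool {
		b, _ := strconv.ParseBool(v) // values ParseBool rejects count as false
		return b
	},
}

// RenderProtocols returns the ssl_protocols line emitted for one value ("" = unset).
func RenderProtocols(disable string) (string, error) {
	t, err := template.New("ssl").Funcs(funcs).Parse(sslTmpl)
	if err != nil {
		return "", err
	}
	var out strings.Builder
	data := map[string]map[string]string{"Env": {"DISABLE_TLS_V13": disable}}
	if err := t.Execute(&out, data); err != nil {
		return "", err
	}
	return strings.TrimSpace(out.String()), nil
}

func main() {
	for _, v := range []string{"", "0", "1", "true", "yes"} {
		line, err := RenderProtocols(v)
		fmt.Printf("DISABLE_TLS_V13=%q -> %s (err=%v)\n", v, line, err)
	}
}
```

Under these assumptions a value such as `yes` is not parsed as true, so TLS 1.3 stays enabled; only `1`, `true` and the other spellings `strconv.ParseBool` accepts switch the output to TLSv1.2 only.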
