Skip to content
GitLab
Closed
Created by Artem Boldariev@artemOwner

We should have ability to specify supported TLS protocol versions

Currently, it is not possible to specify supported TLS protocols versions. In some environments it might be required or, at least, useful. In particular, only TLSv1.3 and higher should be used for XoT.

We could model the behaviour for configuring this from e.g NGINX. It has ssl_protocols option where multiple TLS protocol versions could be specified. It could look like this:

tls some-tls {
    ...
    protocols {TLSv1.2, TLSv1.3};
    ...
};

It is going to be useful for both DoH and DoT.

The issue is a half of #2775 (closed).