Skip to content

We should have ability to specify supported TLS protocol versions

Currently, it is not possible to specify supported TLS protocols versions. In some environments it might be required or, at least, useful. In particular, only TLSv1.3 and higher should be used for XoT.

We could model the behaviour for configuring this from e.g NGINX. It has ssl_protocols option where multiple TLS protocol versions could be specified. It could look like this:

tls some-tls {
    ...
    protocols {TLSv1.2, TLSv1.3};
    ...
};

It is going to be useful for both DoH and DoT.

The issue is a half of #2775 (closed).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information