Compile nginx with openssl or boringssl, brotli and http_tls_dyn_size

i81b4u/tlsv1.3-nginx

tlsv1.3-nginx

nginxcompile-openssl.sh is a script that compiles nginx 1.25.4 with OpenSSL 3.2.1, Brotli and dynamic TLS records support. It has been updated to support HTTP/3.

Snippet of nginx config for OpenSSL:

# SSL
ssl_dyn_rec_enable on;
ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;

# QUIC
http3 on;
quic_retry on;

# modern configuration
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE+AESGCM;
ssl_conf_command Options PrioritizeChaCha;
ssl_conf_command Options KTLS;

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.1 [::1] valid=60s;
resolver_timeout 2s;

nginxcompile-boringssl.sh is a script that compiles nginx 1.25.4 with the latest version of BoringSSL, Brotli and dynamic TLS records support. This adds support for HTTP/3 and X25519Kyber768Draft00.

Snippet of nginx config for BoringSSL:

# SSL
ssl_dyn_rec_enable on;
ssl_ecdh_curve X25519Kyber768Draft00:X25519:P-521:P-384:P-256;

# QUIC
http3 on;
quic_retry on;

# modern configuration
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers [ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-RSA-AES128-GCM-SHA256];
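
A quick way to check that a deployed config has not drifted from the two snippets above. This is an added example, not part of this repository: the function names, the `WEAK_CONF` sample and the substring-based cipher heuristic are assumptions made for illustration.

```python
import re

# Constructed inputs: README_CONF copies directives from the OpenSSL snippet above;
# WEAK_CONF is a made-up weak counterpart for comparison.
README_CONF = """
# modern configuration
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE+AESGCM;
ssl_stapling on;
ssl_stapling_verify on;
"""
WEAK_CONF = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL;
ssl_stapling on;
"""

def parse_directives(text):
    """Map directive name -> list of arguments for one-line 'name args;' entries."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"(\w+)\s+(.+?);$", line.split("#", 1)[0].strip())
        if m:
            found.setdefault(m.group(1), []).extend(m.group(2).split())
    return found

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    d, findings = parse_directives(text), []
    protos = set(d.get("ssl_protocols", []))
    legacy = sorted(protos & {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"})
    if legacy:
        findings.append("legacy protocols: " + " ".join(legacy))
    if protos and "TLSv1.3" not in protos:
        findings.append("TLSv1.3 not enabled")
    # Split OpenSSL ':' lists and BoringSSL '[a|b]' equal-preference groups.
    for tok in re.split(r"[:|\[\]]", ":".join(d.get("ssl_ciphers", []))):
        if not tok or tok[0] in "!-":
            continue  # empty piece or an exclusion, nothing is being enabled
        if "ECDHE" not in tok or not ("GCM" in tok or "CHACHA20" in tok):
            findings.append("cipher without ECDHE+AEAD: " + tok)
    if d.get("ssl_stapling") == ["on"] and d.get("ssl_stapling_verify") != ["on"]:
        findings.append("ssl_stapling on without ssl_stapling_verify on")
    return findings

if __name__ == "__main__":
    for name, conf in (("README", README_CONF), ("WEAK", WEAK_CONF)):
        print(name, audit(conf) or "ok")
```

The parser only handles single-line directives, so run it on the TLS portion of a server block rather than on a full nginx.conf with nested contexts.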
