TLS 1.2 and TLS1.3 extensions supported by nginx

P
preetham
  • 19 Apr '23
Hi Team,

I wanted the list of the TLS 1.2 and TLS 1.3 extensions that are currently
being supported by the Nginx. Can you please provide the same.

Regards
Preetham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230419/fa962cff/attachment.htm>
P
preetham
  • 19 Apr '23
If the extensive list is not available here are the specific extensions
currently I'm looking for :

TLS 1.2

| signed_certificate_timestamp, or sct (0x0012)  | [RFC6962]          |
| encrypt_then_mac (0x0016)                              | [RFC7366]
   |
| status_request (0x0005)                                    | [RFC6066]
       |
| use_srtp (0x000E)                                              |
[RFC5764]          |
| padding (0x0015)                                               |
[RFC7685]          |
| record_size_limit (0x001C)                                | [RFC8449]
     |
| trusted_ca_keys (0x0003)                                  | [RFC6066]
     |
| user_mapping (0x0006)                                     | [RFC4681]
     |
| srp (0x000C)                                                      |
[RFC5054]          |
| status_request_v2 (0x0011)                               | [RFC6961]
     |
| session_ticket (0x0023)                                     | [RFC5077]
[RFC8447]|

TLS 1.3

| signed_certificate_timestamp                  | [RFC6962] |
| status_request (0x0005)                          | [RFC6066] |
| use_srtp (0x000E)                                   | [RFC5764] |
| padding (0x0015)                                    | [RFC7685] |
| record_size_limit (0x001C)                     | [RFC8449] |
| pre_shared_key (0x0029)                       | [RFC8446] |
| psk_key_exchange_modes (0x002D)     | [RFC8446] |
| certificate_authorities (0x002F)               | [RFC8446] |
| oid_filters (0x0030)                                  | [RFC8446] |
| post_handshake_auth (0x0031)              | [RFC8446] |

Thanks and Regards
Preetham

On Wed, Apr 19, 2023 at 5:32 PM preetham g <preetham.1si12is030 at gmail.com>
wrote:

> Hi Team,
>
> I wanted the list of the TLS 1.2 and TLS 1.3 extensions that are currently
> being supported by the Nginx. Can you please provide the same.
>
> Regards
> Preetham
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230419/3e466253/attachment.htm>
P
preetham
  • 21 Apr '23
Hi Team,

Can you please look into the below request about the TLS extensions? At
least need a confirmation about whether the below ones are supported by
Nginx or not. Please consider this a high priority.

encrypt_then_mac (0x0016)
use_srtp (0x000E)
certificate_authorities
post_handshake_auth

Thanks and regards
Preetham

On Wed, Apr 19, 2023 at 6:04 PM preetham g <preetham.1si12is030 at gmail.com>
wrote:

> If the extensive list is not available here are the specific extensions
> currently I'm looking for :
>
> TLS 1.2
>
> | signed_certificate_timestamp, or sct (0x0012)  | [RFC6962]          |
> | encrypt_then_mac (0x0016)                              | [RFC7366]
>    |
> | status_request (0x0005)                                    | [RFC6066]
>        |
> | use_srtp (0x000E)                                              |
> [RFC5764]          |
> | padding (0x0015)                                               |
> [RFC7685]          |
> | record_size_limit (0x001C)                                | [RFC8449]
>        |
> | trusted_ca_keys (0x0003)                                  | [RFC6066]
>        |
> | user_mapping (0x0006)                                     | [RFC4681]
>        |
> | srp (0x000C)                                                      |
> [RFC5054]          |
> | status_request_v2 (0x0011)                               | [RFC6961]
>      |
> | session_ticket (0x0023)                                     | [RFC5077]
> [RFC8447]|
>
>
> TLS 1.3
>
>
> | signed_certificate_timestamp                  | [RFC6962] |
> | status_request (0x0005)                          | [RFC6066] |
> | use_srtp (0x000E)                                   | [RFC5764] |
> | padding (0x0015)                                    | [RFC7685] |
> | record_size_limit (0x001C)                     | [RFC8449] |
> | pre_shared_key (0x0029)                       | [RFC8446] |
> | psk_key_exchange_modes (0x002D)     | [RFC8446] |
> | certificate_authorities (0x002F)               | [RFC8446] |
> | oid_filters (0x0030)                                  | [RFC8446] |
> | post_handshake_auth (0x0031)              | [RFC8446] |
>
> Thanks and Regards
> Preetham
>
> On Wed, Apr 19, 2023 at 5:32 PM preetham g <preetham.1si12is030 at gmail.com>
> wrote:
>
>> Hi Team,
>>
>> I wanted the list of the TLS 1.2 and TLS 1.3 extensions that are
>> currently being supported by the Nginx. Can you please provide the same.
>>
>> Regards
>> Preetham
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230421/a96d644b/attachment.htm>
J
Jeffrey
  • 21 Apr '23
On Wed, Apr 19, 2023 at 8:03 AM preetham g
<preetham.1si12is030 at gmail.com> wrote:
>
> I wanted the list of the TLS 1.2 and TLS 1.3 extensions that are currently being supported by the Nginx. Can you please provide the same.
>

Nginx uses OpenSSL for TLS. You may want to ask the OpenSSL folks. Be
sure to tell them which version of OpenSSL you are using.

Jeff
  • Page 1 of 1
Reply