Mercurial > hg > nginx
comparison README @ 9089:8347620e0e76 quic
README: revised TLSv1.3 requirement for QUIC.
TLSv1.3 is enabled by default since d1cf09451ae8.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 11 Apr 2023 18:29:20 +0400 |
parents | c851a2ed5ce8 |
children | b9230e37b8a1 |
comparison
equal
deleted
inserted
replaced
9088:9ea62b6250f2 | 9089:8347620e0e76 |
---|---|
117 | 117 |
118 To enable 0-RTT: | 118 To enable 0-RTT: |
119 | 119 |
120 ssl_early_data on; | 120 ssl_early_data on; |
121 | 121 |
122 Make sure that TLS 1.3 is configured which is required for QUIC: | |
123 | |
124 ssl_protocols TLSv1.3; | |
125 | |
126 To enable GSO (Generic Segmentation Offloading): | 122 To enable GSO (Generic Segmentation Offloading): |
127 | 123 |
128 quic_gso on; | 124 quic_gso on; |
129 | 125 |
130 To limit maximum UDP payload size on receive path: | 126 To limit maximum UDP payload size on receive path: |
133 | 129 |
134 To set host key for various tokens: | 130 To set host key for various tokens: |
135 | 131 |
136 quic_host_key <filename>; | 132 quic_host_key <filename>; |
137 | 133 |
134 QUIC requires TLSv1.3 protocol, which is enabled by the default | |
135 by "ssl_protocols" directive. | |
138 | 136 |
139 By default, GSO Linux-specific optimization [10] is disabled. | 137 By default, GSO Linux-specific optimization [10] is disabled. |
140 Enable it in case a corresponding network interface is configured to | 138 Enable it in case a corresponding network interface is configured to |
141 support GSO. | 139 support GSO. |
142 | 140 |
173 listen 8443 quic reuseport; | 171 listen 8443 quic reuseport; |
174 listen 8443 ssl; | 172 listen 8443 ssl; |
175 | 173 |
176 ssl_certificate certs/example.com.crt; | 174 ssl_certificate certs/example.com.crt; |
177 ssl_certificate_key certs/example.com.key; | 175 ssl_certificate_key certs/example.com.key; |
178 ssl_protocols TLSv1.3; | |
179 | 176 |
180 location / { | 177 location / { |
181 # required for browsers to direct them into quic port | 178 # required for browsers to direct them into quic port |
182 add_header Alt-Svc 'h3=":8443"; ma=86400'; | 179 add_header Alt-Svc 'h3=":8443"; ma=86400'; |
183 } | 180 } |