TLS 1.2
Yorgos Thessalonikefs
yorgos at nlnetlabs.nl
Tue Mar 3 10:23:10 UTC 2026
Hi Håvard,
Indeed, you would be able to selectively enable the version(s) you want
to support with the new 'tls-protocols' option.
By default both 1.2 and 1.3.
Best regards,
-- Yorgos
On 03/03/2026 10:11, Havard Eidnes wrote:
>> There is now this PR [1] that addresses some issues around TLS
>> protocol configuration.
>> Among other things it:
>> - introduces a new `tls-protocols` configuration option,
>> - brings back TLS1.2 support by default.
>>
>> This will be included in the next feature release of Unbound, probably
>> 1.25.0.
>
> While I acknowledge there may be cases where this is desireable
> or necessary, SSLlabs.com's checker then downgrades your rating.
>
> I'm hoping that the way to re-establish TLS1.3-only is
> well-documented and possibly also mentioned in the release
> notes...
>
> Best regards,
>
> - Håvard
More information about the Unbound-users
mailing list