DEFAULT_VERSIONS+= ssl=openssl111
and build everything from ports. Note that this will only work for ports, it does nothing to change the OpenSSL from the base (or change any of the base SSL dependencies).This is bad news.It's not going to be included in 11.3. TLS 1.3 was added to OpenSSL 1.1.1. FreeBSD 11.3 will have OpenSSL 1.0.2s.
If you need OpenSSL 1.1.1 you can setDEFAULT_VERSIONS+= ssl=openssl111
and build everything from ports. Note that this will only work for ports, it does nothing to change the OpenSSL from the base (or change any of the base SSL dependencies).
It depends on where you need TLS 1.3 for.This is bad news.
I need tls1.3 in nginx.It depends on where you need TLS 1.3 for.
I use jail, if it is updated to FreeBSD 12.0 then jail will not start.Being devil's advocate as always, what's the requirement for 1.3? Even governments still accept 1.2 as a baseline. Seems strange to be in a situation where you can't upgrade to 12 (which isn't exactly a major change from 11), but need the bleeding edge of TLS support.
Then setI need tls1.3 in nginx.
DEFAULT_VERSIONS
and build from ports.Please explain.Then setDEFAULT_VERSIONS
and build from ports.
Set in /etc/make.conf:
Then (re)build everything from ports.Code:DEFAULT_VERSIONS+= ssl=openssl111
# pkg version | grep "openssl1"
openssl111-1.1.1c
OpenSSL> version
OpenSSL 1.0.2o-freebsd 27 Mar 2018