diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 267bd9d04704..bccd6bce4edd 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -677,6 +677,9 @@
This may break some older applications that still rely on those symbols.
An upgrade guide can be found here.
+
+ The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using .
+
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index f688bec1426d..8474926d1790 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -491,8 +491,8 @@ in
sslProtocols = mkOption {
type = types.str;
- default = "TLSv1.2";
- example = "TLSv1 TLSv1.1 TLSv1.2";
+ default = "TLSv1.2 TLSv1.3";
+ example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
description = "Allowed TLS protocol versions.";
};
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index df2adea4f070..0e1ea7463dac 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13734,12 +13734,14 @@ in
# We don't use `with` statement here on purpose!
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
+ openssl = openssl_1_1;
};
nginxMainline = callPackage ../servers/http/nginx/mainline.nix {
# We don't use `with` statement here on purpose!
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
modules = [ nginxModules.dav nginxModules.moreheaders ];
+ openssl = openssl_1_1;
};
nginxModules = callPackage ../servers/http/nginx/modules.nix { };