CarterLi/nginx-tls13.diff

## nginx-tls13.diff
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index c4454fc..8a597c2 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -644,6 +644,12 @@ ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
         return NGX_ERROR;
     }

+    if (SSL_CTX_set_ciphersuites(ssl->ctx, "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_CHACHA20_POLY1305_SHA256") == 0) {
+        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                      "SSL_CTX_set_cipher_list(\"TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_CHACHA20_POLY1305_SHA256\") failed");
+        return NGX_ERROR;
+    }
+
     if (prefer_server_ciphers) {
         SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
     }
	diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
	index c4454fc..8a597c2 100644
	--- a/src/event/ngx_event_openssl.c
	+++ b/src/event/ngx_event_openssl.c
	@@ -644,6 +644,12 @@ ngx_ssl_ciphers(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *ciphers,
	return NGX_ERROR;
	}

	+ if (SSL_CTX_set_ciphersuites(ssl->ctx, "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_CHACHA20_POLY1305_SHA256") == 0) {
	+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
	+ "SSL_CTX_set_cipher_list(\"TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_CHACHA20_POLY1305_SHA256\") failed");
	+ return NGX_ERROR;
	+ }
	+
	if (prefer_server_ciphers) {
	SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
	}