From b877b1e8c7de4f266b26e40753dcf4db041954f5 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 8 Oct 2019 17:50:51 +0200
Subject: [PATCH] Add TLS 1.3 0-RTT nginx configuration
---
 wo/cli/templates/nginx-core.mustache | 1 +
 wo/cli/templates/tweaks.mustache | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache
index 096a599..5de705c 100644
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -55,6 +55,7 @@ http {
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
 ssl_prefer_server_ciphers on;
+ ssl_early_data on;
 {{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
 ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
 ssl_ecdh_curve X25519:P-521:P-384:P-256;
diff --git a/wo/cli/templates/tweaks.mustache b/wo/cli/templates/tweaks.mustache
index 6f7f56f..ea2ee2b 100644
--- a/wo/cli/templates/tweaks.mustache
+++ b/wo/cli/templates/tweaks.mustache
@@ -27,3 +27,8 @@
 open_file_cache_min_uses 2;
 open_file_cache_valid 120s;
 open_log_file_cache max=10000 inactive=30s min_uses=2;
+
+ ssl_dyn_rec_size_hi 4229;
+ ssl_dyn_rec_size_lo 1369;
+ ssl_dyn_rec_threshold 40;
+ ssl_dyn_rec_timeout 1000;
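Review bot: `ssl_early_data on;` is added at http level in nginx-core.mustache with no replay safeguard visible in the hunk, so every TLS 1.3 site rendered from this template would accept 0-RTT requests, which carry no replay protection at the TLS layer. The nginx documentation pairs this directive with exposing `$ssl_early_data` to the application, for example `proxy_set_header Early-Data $ssl_early_data;` (or the matching `fastcgi_param` for FastCGI backends), so that non-idempotent requests can be refused with 425 Too Early. The line also sits outside the `{{#tls13}}` section that follows; if that section exists for builds without TLS 1.3 support, the directive probably belongs inside it. The `http` block starts and ends outside the hunk, so other mitigations may exist elsewhere.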
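Review bot: The four `ssl_dyn_rec_*` directives added to tweaks.mustache are not stock nginx directives; as far as I know they come from the dynamic TLS records patch, so an nginx build without it would reject the rendered file with an unknown-directive error and fail to start or reload. Nothing in the hunk gates them on such a build, and `ssl_dyn_rec_enable` is not set here, so unless it is enabled elsewhere these values have no effect. I would add a comment above the block such as `# requires nginx built with the dynamic TLS records patch` and, if the template has a flag for custom builds, wrap the lines in it. The directives also look unrelated to the 0-RTT change named in the subject, which the commit message could mention.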