NGINX only enabling TLS1.2 ?
r at roze.lv
Wed Apr 18 07:30:55 UTC 2018
> 3. Why does the protocol come up (even with the openssl command) as TLS_AES_256_GCM_SHA384 and not the TLS13 variants? ChaCha20-Poly1305 works in TLS1.2 just fine.
You can look at https://github.com/openssl/openssl/pull/5392
The default TLSv1.3 ciphersuites (and the way those are configured, see https://github.com/openssl/openssl/commit/f865b08143b453962ad4afccd69e698d13c60f77) have been changed to: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
Maybe a developer can comment on this, as it could be that nginx isn't fully compatible (and works just because the TLSv1.3 ciphers are always enabled) with the latest OpenSSL pre/beta-release...
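Added example, not part of the original post or of nginx: a Python check that the TLSv1.3 ciphersuites stay enabled whatever cipher-list string is applied. It assumes Python's `ssl` module is linked against OpenSSL 1.1.1 or later; the function names and the two cipher strings are chosen for illustration.

```python
import ssl


def suites_by_protocol(cipher_string):
    """Apply an OpenSSL cipher-list string and return the enabled suites
    as (tls13_names, older_names)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # set_ciphers() takes the same cipher-list syntax as nginx's ssl_ciphers.
    ctx.set_ciphers(cipher_string)
    tls13, older = [], []
    for cipher in ctx.get_ciphers():
        bucket = tls13 if cipher["protocol"] == "TLSv1.3" else older
        bucket.append(cipher["name"])
    return tls13, older


def tls13_is_independent(cipher_strings):
    """True if every cipher string leaves the same TLSv1.3 suites enabled."""
    seen = {tuple(suites_by_protocol(s)[0]) for s in cipher_strings}
    return len(seen) == 1


if __name__ == "__main__":
    # Constructed sample inputs: two disjoint TLSv1.2 selections.
    samples = ["ECDHE+AESGCM", "ECDHE+CHACHA20"]
    print("linked against:", ssl.OPENSSL_VERSION)
    for s in samples:
        tls13, older = suites_by_protocol(s)
        print(f"\ncipher list {s!r}")
        print("  TLSv1.3 :", ":".join(tls13) or "(none)")
        print("  older   :", ":".join(older) or "(none)")
    print("\nTLSv1.3 set unaffected by cipher list:",
          tls13_is_independent(samples))
```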