<div dir="ltr"><div>I figured it out. One of the servers that is listening on 443 uses "ssl_reject_handshake on;" and thus I didn't define an ssl_certificate + ssl_certificate_key + ssl_trusted_certificate as it is not (and should not be) required. For some reason, this disabled TLS1.3 for all servers quite unexpectedly. Adding all three variables and keeping the ssl_reject_handshake, re-enabled TLS1.3 (eventhough TLS1.2 works fine in both cases). Could this be a bug?</div><div><br></div><div>Kind regards,<div>Taco de Wolff</div></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Op di 19 mrt 2024 om 09:39 schreef Taco de Wolff <<a href="mailto:tacodewolff@gmail.com">tacodewolff@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div><div>I'm using Nginx 1.25.4 with the OpenSSL 1.1.1k FIPS build on CentOS Stream 8 (FIPS not enabled). I have checked that the OpenSSL library can connect to other services using TLS1.3 and Postfix + Dovecot work fine on TLS1.3 as well, but Nginx doesn't seem to enable TLS1.3 as reported by SSLLabs and by checking manually using:</div><div><br></div><div>$ openssl s_client -connect <a href="http://domain.com:443" target="_blank">domain.com:443</a> -tls1_3</div><div>CONNECTED(00000003)<br>4027EC8EC57D0000:error:0A00042E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_s3.c:865:SSL alert number 70</div><div><br></div><div>TLS1.2 works fine though, and I'm sure TLS1.3 used to work but I can't figure out what has changed. The relevant configuration:</div><div><br></div><div><br></div><div>http {<br></div><div> # SSL<br></div><div> ssl_session_timeout 1d;<br> ssl_session_cache shared:SSL:32m;<br> ssl_session_tickets off;<br><br> # Diffie-Hellman parameter for DHE ciphersuites<br> ssl_dhparam /etc/nginx/dhparam.pem;<br><br> # SSL ciphers<br> ssl_protocols TLSv1.2 TLSv1.3;<br> ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;<br> #ssl_prefer_server_ciphers on;<br><br> # OCSP Stapling<br> ssl_stapling on;<br> ssl_stapling_verify on;<br> #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;<br> resolver 1.1.1.1 1.0.0.1 208.67.222.222 208.67.220.220 valid=60s;<br> resolver_timeout 2s;</div><div><br></div><div> # HTTP3<br> http3_hq on;<br> quic_gso on;<br> quic_retry on;<br> #ssl_early_data on;</div><div><br></div><div> # ...<br></div><div>}</div><div><br></div><div>server {</div><div> listen 443 ssl;<br> listen 443 quic;<br> listen [::]:443 ssl;<br> listen [::]:443 quic;<br><br> http2 on;</div><div><br></div><div> # SSL<br> ssl_certificate /etc/pki/lego/certificates/domain.com.crt;<br> ssl_certificate_key /etc/pki/lego/certificates/domain.com.key;<br> ssl_trusted_certificate /etc/pki/lego/certificates/domain.com.issuer.crt;</div><div><br></div><div> # ...<br></div><div>}</div><div><br></div><div><br></div><div>I'm really at a loss and unsure how to proceed debugging this. What else could be the problem? Thank you for your time.<br></div><div><br></div><div></div><div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Kind regards,<div>Taco de Wolff</div></div></div></div></div></div></div></div></div></div>
</blockquote></div>