NGINX only enabling TLS1.2 ?

Reinis Rozitis r at
Wed Apr 18 07:30:55 UTC 2018

> 3.	Why does the protocol come up (even with the openssl command) as TLS_AES_256_GCM_SHA384 and not the TLS13 variants?  ChaCha20-Poly1305 works in TLS1.2 just fine.

You can look at

The default TLSv1.3 ciphersuites (and the way those are configured ( ) have been changed to: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

Maybe a developer can comment on this as it could be that nginx isn't fully compatible (and works just because the tlsv1.3 ciphers are always enabled) with the latest openssl pre/beta-release...


More information about the nginx mailing list