NGINX only enabling TLS1.2 ?

Reinis Rozitis r at roze.lv
Wed Apr 18 07:30:55 UTC 2018


> 3. Why does the protocol come up (even with the openssl command) as TLS_AES_256_GCM_SHA384 and not the TLS13 variants? ChaCha20-Poly1305 works in TLS1.2 just fine.

You can look at https://github.com/openssl/openssl/pull/5392

The default TLSv1.3 ciphersuites (and the way those are configured: https://github.com/openssl/openssl/commit/f865b08143b453962ad4afccd69e698d13c60f77) have been changed to: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

Maybe a developer can comment on this, as it could be that nginx isn't fully compatible (and works just because the TLSv1.3 ciphers are always enabled) with the latest OpenSSL pre/beta-release...

rr
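
Added example, not part of the original post and not nginx or OpenSSL code: a check of the behaviour described above, that the TLSv1.3 ciphersuites are configured apart from the older cipher list and stay enabled whatever that list says. It assumes Python's `ssl` module is linked against OpenSSL 1.1.1 or later; `suites_by_protocol`, `LIST_A` and `LIST_B` are names chosen for illustration.

```python
import ssl

# True when the linked OpenSSL build supports TLSv1.3 at all.
HAS_TLS13 = ssl.HAS_TLSv1_3

# Two constructed pre-TLSv1.3 cipher lists, the kind of string a server
# passes to OpenSSL's cipher-list setting (nginx: ssl_ciphers).
LIST_A = "ECDHE-RSA-AES128-GCM-SHA256"
LIST_B = "ECDHE-RSA-AES256-GCM-SHA384"


def suites_by_protocol(cipher_string):
    """Apply a cipher list and report what the context still offers.

    Returns (tls13_names, older_names), both in OpenSSL preference order.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # set_ciphers() only drives the pre-TLSv1.3 cipher list.
    ctx.set_ciphers(cipher_string)
    tls13, older = [], []
    for cipher in ctx.get_ciphers():
        if cipher["protocol"] == "TLSv1.3":
            tls13.append(cipher["name"])
        else:
            older.append(cipher["name"])
    return tls13, older


def tls13_unaffected(list_a, list_b):
    """True when two different cipher lists leave the same TLSv1.3 suites."""
    a13, a_old = suites_by_protocol(list_a)
    b13, b_old = suites_by_protocol(list_b)
    return a_old != b_old and a13 == b13


if __name__ == "__main__":
    print("linked against:", ssl.OPENSSL_VERSION)
    for cipher_list in (LIST_A, LIST_B):
        tls13, older = suites_by_protocol(cipher_list)
        print("cipher list  :", cipher_list)
        print("  pre-TLSv1.3:", ":".join(older))
        print("  TLSv1.3    :", ":".join(tls13) or "(none)")
    print("TLSv1.3 suites unaffected:", tls13_unaffected(LIST_A, LIST_B))
```

The TLSv1.3 line printed is the linked library's default, so it shows whether a given build uses the order quoted in the message.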
