TLS 1.3 not offered and downgraded to a weaker protocol
Kaushal Shriyan
kaushalshriyan at gmail.com
Thu Mar 12 03:48:57 UTC 2020
Hi,
I am running nginx version: nginx/1.16.1 on CentOS Linux release 7.7.1908
(Core). I have configured *ssl_protocols TLSv1.2 TLSv1.3*; in
/etc/nginx/nginx.conf.
#nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Now when I am running testssl.sh (https://testssl.sh/) which is a Testing
TLS/SSL encryption tool, I see the below output
Testing protocols via sockets except NPN+ALPN
> SSLv2 not offered (OK)
> SSLv3 not offered (OK)
> TLS 1 not offered
> TLS 1.1 not offered
> TLS 1.2 offered (OK)
> TLS 1.3 not offered and downgraded to a weaker protocol
> NPN/SPDY h2, http/1.1 (advertised)
> ALPN/HTTP2 h2, http/1.1 (offered)
Any clue regarding "TLS 1.3 not offered and downgraded to a weaker
protocol" ? Please let me know if you need any additional information.
Thanks in advance and I look forward to hearing from you.
Best Regards,
Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200312/5a0a42e9/attachment.htm>
More information about the nginx
mailing list