nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

Andreas Bartelt nginx at bartelt.name
Mon Nov 30 17:41:18 UTC 2020


On 11/30/20 4:07 PM, Maxim Dounin wrote:
> Hello!
> 
> On Sun, Nov 29, 2020 at 04:01:07PM +0100, nginx at bartelt.name wrote:
> 
>> I've noticed that nginx 1.18.0 always enables TLS 1.3 even if not
>> configured to do so. I've observed this behavior on OpenBSD with (nginx
>> 1.18.0 linked against LibreSSL 3.3.0) and on Ubuntu 20.04 (nginx 1.18.0
>> linked against OpenSSL 1.1.1f). I don't know which release of nginx
>> introduced this bug.
>>
>>   From nginx.conf:
>> ssl_protocols TLSv1.2;
>> --> in my understanding, this config statement should only enable TLS
>> 1.2 but not TLS 1.3. However, the observed behavior is that TLS 1.3 is
>> implicitly enabled in addition to TLS 1.2.
> 
> As long as "ssl_protocols TLSv1.2;" is the only ssl_protocols in
> nginx configuration, TLSv1.3 shouldn't be enabled.  Much like when
> there are no "ssl_protocols" at all, as TLSv1.3 isn't enabled by
> default (for now, at least up to and including nginx 1.19.5).
> 

I've just retested this with my Ubuntu 20.04 based nginx test instance 
from yesterday (nginx 1.18.0 linked against OpenSSL 1.1.1f) and noticed 
that it works there as intended (i.e., "ssl_protocols TLSv1.2;" only 
enables TLS 1.2 but not TLS 1.3). I don't know what I did wrong there 
yesterday -- sorry for this.

However, the problem persists on OpenBSD current with nginx 1.18.0 
(built from ports with default options which links against LibreSSL 
3.3.0 from base). Setting "ssl_protocols TLSv1.2;" enables TLS 1.2 as 
well as TLS 1.3 there.

> If you see it enabled, please provide full "nginx -T" output on
> the minimal configuration you are able to reproduce the problem
> with, along with some tests which demonstrate that TLSv1.3 is
> indeed enabled.  Full output of "nginx -V" and compilation
> details might be also helpful.
> 

The following output is from the OpenBSD current / nginx 1.18.0 / 
LibreSSL 3.3.0 instance after minimizing nginx.conf:

# nginx -V
nginx version: nginx/1.18.0
built with LibreSSL 3.3.0
TLS SNI support enabled
configure arguments: 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/lua-nginx-module 
--add-dynamic-module=/usr/local/lib/phusion-passenger27/src/nginx_module 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-rtmp-module-1.2.1/ 
--prefix=/var/www --conf-path=/etc/nginx/nginx.conf 
--sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid 
--lock-path=/var/run/nginx.lock --http-log-path=logs/access.log 
--error-log-path=logs/error.log 
--http-client-body-temp-path=/var/www/cache/client_body_temp 
--http-proxy-temp-path=/var/www/cache/proxy_temp 
--http-fastcgi-temp-path=/var/www/cache/fastcgi_temp 
--http-scgi-temp-path=/var/www/cache/scgi_temp 
--http-uwsgi-temp-path=/var/www/cache/uwsgi_temp --user=www --group=www 
--with-http_auth_request_module --with-http_dav_module 
--with-http_image_filter_module=dynamic --with-http_gzip_static_module 
--with-http_gunzip_module --with-http_perl_module=dynamic 
--with-http_realip_module --with-http_slice_module 
--with-http_ssl_module --with-http_stub_status_module 
--with-http_v2_module --with-http_xslt_module=dynamic 
--with-mail=dynamic --with-stream=dynamic --with-stream_ssl_module 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/naxsi/naxsi_src/ 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/ngx_devel_kit 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/headers-more-nginx-module 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/nginx-auth-ldap 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/ngx_http_geoip2_module 
--add-dynamic-module=/usr/ports/pobj/nginx-1.18.0/nginx-1.18.0/ngx_http_hmac_secure_link_module

# nginx -T 

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www;

events {
     worker_connections  100;
}

http {
     server {
         listen 37.24.253.138:443 ssl;
         server_name  www.bartelt.name;
         root         /var/www/www.bartelt.name;
         ssl_certificate      /etc/ssl/www.bartelt.name_chain.pem;
         ssl_certificate_key  /etc/ssl/private/bartelt.name.key;

	ssl_protocols TLSv1.2;
         ssl_ciphers 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;
         ssl_prefer_server_ciphers   off;
	ssl_ecdh_curve prime256v1;
     }
}

$ openssl s_client -connect www.bartelt.name:443 -servername 
www.bartelt.name
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = bartelt.name
verify return:1
depth=0 CN = bartelt.name
verify return:1
write W BLOCK
---
Certificate chain
  0 s:/CN=bartelt.name
    i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
  1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=bartelt.name
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2878 bytes and written 737 bytes
---
New, TLSv1/SSLv3, Cipher is AEAD-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : TLSv1.3
     Cipher    : AEAD-AES256-GCM-SHA384
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     Start Time: 1606757614
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
---
^C

Best regards
Andreas
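A small checker, added here as an example and not part of the thread or of nginx, that compares the ssl_protocols directive in an nginx config with the protocol reported in `openssl s_client` output. The sample config and session block are constructed from the output above; the fallback default protocol set and the optional live probe are assumptions noted in the comments.

```python
"""Compare nginx's ssl_protocols with the protocol a server actually negotiated."""
import re
import socket
import ssl
from typing import Optional, Set

# Constructed sample: the relevant part of the nginx -T output in the mail.
NGINX_CONF = """
http {
    server {
        listen 443 ssl;
        ssl_protocols TLSv1.2;
    }
}
"""

# Constructed sample: the SSL-Session block from the s_client output in the mail.
S_CLIENT_OUTPUT = """
SSL-Session:
     Protocol  : TLSv1.3
     Cipher    : AEAD-AES256-GCM-SHA384
"""

def configured_protocols(conf: str) -> Set[str]:
    """Protocols named in the last ssl_protocols directive found in conf.
    Assumption: when the directive is absent, use the documented 1.18-era
    default of TLSv1 TLSv1.1 TLSv1.2, which does not include TLSv1.3."""
    found = re.findall(r"^\s*ssl_protocols\s+([^;]+);", conf, re.MULTILINE)
    if not found:
        return {"TLSv1", "TLSv1.1", "TLSv1.2"}
    return set(found[-1].split())

def negotiated_protocol(output: str) -> Optional[str]:
    """Extract the 'Protocol : ...' value from an s_client SSL-Session block."""
    m = re.search(r"^\s*Protocol\s*:\s*(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None

def protocol_mismatch(conf: str, output: str) -> Optional[str]:
    """Return a finding if the negotiated protocol is not allowed by the config."""
    got = negotiated_protocol(output)
    allowed = configured_protocols(conf)
    if got is None:
        return "could not find a negotiated protocol in the s_client output"
    if got not in allowed:
        return f"server negotiated {got} but ssl_protocols only allows {sorted(allowed)}"
    return None

def probe_version(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live check (needs network): offer every version the client supports and
    report the one the server picks, so it can be fed to the comparison above."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    print(protocol_mismatch(NGINX_CONF, S_CLIENT_OUTPUT))
```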
