nginx 1.18.0 implicitly enables TLS 1.3 (with only "ssl_protocols TLSv1.2; " in nginx.conf config)

Maxim Dounin mdounin at
Mon Nov 30 22:39:15 UTC 2020


On Mon, Nov 30, 2020 at 06:41:18PM +0100, Andreas Bartelt wrote:

> On 11/30/20 4:07 PM, Maxim Dounin wrote:
> > Hello!
> > 
> > On Sun, Nov 29, 2020 at 04:01:07PM +0100, nginx at wrote:
> > 
> >> I've noticed that nginx 1.18.0 always enables TLS 1.3 even if not
> >> configured to do so. I've observed this behavior on OpenBSD with (nginx
> >> 1.18.0 linked against LibreSSL 3.3.0) and on Ubuntu 20.04 (nginx 1.18.0
> >> linked against OpenSSL 1.1.1f). I don't know which release of nginx
> >> introduced this bug.
> >>
> >>   From nginx.conf:
> >> ssl_protocols TLSv1.2;
> >> --> in my understanding, this config statement should only enable TLS
> >> 1.2 but not TLS 1.3. However, the observed behavior is that TLS 1.3 is
> >> implicitly enabled in addition to TLS 1.2.
> > 
> > As long as "ssl_protocols TLSv1.2;" is the only ssl_protocols in
> > nginx configuration, TLSv1.3 shouldn't be enabled.  Much like when
> > there are no "ssl_protocols" at all, as TLSv1.3 isn't enabled by
> > default (for now, at least up to and including nginx 1.19.5).
> > 
> I've just retested this with my Ubuntu 20.04 based nginx test instance 
> from yesterday (nginx 1.18.0 linked against OpenSSL 1.1.1f) and noticed 
> that it works there as intended (i.e., "ssl_protocols TLSv1.2;" only 
> enables TLS 1.2 but not TLS 1.3). I don't know what I did wrong there 
> yesterday -- sorry for this.
> However, the problem persists on OpenBSD current with nginx 1.18.0 
> (built from ports with default options which links against LibreSSL 
> 3.3.0 from base). Setting "ssl_protocols TLSv1.2;" enables TLS 1.2 as 
> well as TLS 1.3 there.

I don't see any problems when testing with LibreSSL 3.3.0 as 
available on and the very same configuration.  So 
it's probably something specific to your system.

Some possible reasons for the behaviour you are seeing, in no 
particular order:

- Given that OpenBSD current and LibreSSL from base implies some 
  arbitrary version of LibreSSL, this might be something with the 
  changes present on your system but not in LibreSSL 3.3.0 

- There may be something with the port you are using to compile 
  nginx.  Consider testing nginx compiled manually.

- You are testing the wrong server (the name resolves to a 
  different IP address, or the IP address is routed to a different 
  server).  Make sure you are seeing connection on nginx side, 
  something like "return 200 $ssl_protocol;" in the appropriate 
  server block and making a "GET / HTTP/1.0" request in s_client 
  would be a good test.

- The nginx version running differs from the one on disk, and you 
  are running an nginx version older than 1.15.6 built with an old 
  LibreSSL without TLSv1.3 but running with LibreSSL 3.3.0 with 
  TLSv1.3 enabled.  Check the "Server" header in the above test.

- There might be something wrong with headers on your system.  The 
  behaviour observed might happen if SSL_OP_NO_TLSv1_3, TLS1_3_VERSION, 
  and SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version are 
  not defined, yet TLSv1.3 is present in the library.

Maxim Dounin

More information about the nginx mailing list