Why does the nginx.org main site not supporting TLS v1.3?

David Hu D4v1d_4n0 at protonmail.ch
Fri Jan 22 04:50:15 UTC 2021 

So I have to downgrade to TLS v1.2. The full command input and the connection process can be shown as follows:
./curl -vvvvv --http2-prior-knowledge --tlsv1.2 https://nginx.org
*   Trying 52.58.199.22:443...
* Connected to nginx.org (52.58.199.22) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: D:\curl-7.74.0_2-win64-mingw\bin\curl-ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=nginx.org
*  start date: Oct 29 16:45:05 2020 GMT
*  expire date: Jan 27 16:45:05 2021 GMT
*  subjectAltName: host "nginx.org" matched cert's "nginx.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: nginx.org
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.19.0
< Date: Fri, 22 Jan 2021 04:43:32 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 12676
< Last-Modified: Tue, 15 Dec 2020 14:58:52 GMT
< Connection: keep-alive
< Keep-Alive: timeout=15
< ETag: "5fd8cf2c-3184"
< Accept-Ranges: bytes
<



So I neogotiate with your server to force use HTTP/2 (i.e. H2) and ALPN is offering H2 and HTTP/1.1 but at the finally I only get the HTTP version HTTP/1.1 not H2. The same cURL specs and versions and specs as the above message. What have I done wrong or if it is your problem?

Thanks again.
Regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210122/6fa6fca4/attachment.bin>

More information about the nginx mailing list