Why does the nginx.org main site not supporting TLS v1.3?
teward at thomas-ward.net
Fri Jan 22 06:04:29 UTC 2021
So, I don't run the NGINX webserver, but I am pretty sure this is on the
remote server to serve the protocol right. SSLLabs test shows that TLS
1.3 is just not offered.
There's three other IPs (one IPv4 and two IPv6) that will very likely
reflect the same tests as well.
So to answer your original question:
> What have I done wrong or if it is your problem?
You didn't do anything wrong. TLS 1.2 is the only protocol that's
offered for SSL/TLS connections to the nginx.org site.
On 1/21/21 11:50 PM, David Hu wrote:
> So I have to downgrade to TLS v1.2. The full command input and the connection process can be shown as follows:
> ./curl -vvvvv --http2-prior-knowledge --tlsv1.2 https://nginx.org
> * Trying 22.214.171.124:443...
> * Connected to nginx.org (126.96.36.199) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> * CAfile: D:\curl-7.74.0_2-win64-mingw\bin\curl-ca-bundle.crt
> * CApath: none
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> * subject: CN=nginx.org
> * start date: Oct 29 16:45:05 2020 GMT
> * expire date: Jan 27 16:45:05 2021 GMT
> * subjectAltName: host "nginx.org" matched cert's "nginx.org"
> * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
> * SSL certificate verify ok.
>> GET / HTTP/1.1
>> Host: nginx.org
>> User-Agent: curl/7.74.0
>> Accept: */*
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Server: nginx/1.19.0
> < Date: Fri, 22 Jan 2021 04:43:32 GMT
> < Content-Type: text/html; charset=utf-8
> < Content-Length: 12676
> < Last-Modified: Tue, 15 Dec 2020 14:58:52 GMT
> < Connection: keep-alive
> < Keep-Alive: timeout=15
> < ETag: "5fd8cf2c-3184"
> < Accept-Ranges: bytes
> So I neogotiate with your server to force use HTTP/2 (i.e. H2) and ALPN is offering H2 and HTTP/1.1 but at the finally I only get the HTTP version HTTP/1.1 not H2. The same cURL specs and versions and specs as the above message. What have I done wrong or if it is your problem?
> Thanks again.
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx