ssl_reject_handshake disallow TLSv1.3

Jeffrey Walton noloader at gmail.com
Wed Feb 9 02:40:13 UTC 2022


On Tue, Feb 8, 2022 at 8:02 AM Sergey Kandaurov <pluknet at nginx.com> wrote:
>
>
> > On 8 Feb 2022, at 14:15, rjvbzeoibvpzie <nginx-forum at forum.nginx.org> wrote:
> >
> > ssl_protocols  TLSv1.2 TLSv1.3;
> >
> > server {
> >    listen 443 ssl default_server;
> >    ssl_reject_handshake on;
> > }
> >
> > This does not allow ANY other server to be reached with TLSv1.3
> > [..]
>
> You didn't specify OpenSSL version, so I assume this
> belongs to https://trac.nginx.org/nginx/ticket/2071#comment:1

Also see https://github.com/openssl/openssl/issues/13291.

Jeff



More information about the nginx mailing list