Reputation: 1002
TLS 1.3 not working on Nginx 1.17.6 / Ubuntu 18.04 / OpenSSL 1.1.1
I'm hosting at Digital Ocean with Ubuntu 18.04, Nginx version 1.17.6, OpenSSL version 1.1.1 . - I believe those satisfy requirements for TLS 1.3.
In my /etc/nginx/nginx.conf file I added TLSv1.3 like so:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
I have not changed anything in /etc/nginx/sites-available/website.com .
When I test my site in SSL Labs and elsewhere, TLSv1.3 is not working. It's still using TLSv1.2.
I checked nginx -V, and --with-openSSL argument is not listed. Not sure if I have to rebuild my nginx with that flag.
Any pointers would be appreciated
UPDATE: I rebuilt Nginx from source with OpenSSL 1.1.1. Still not working.
Upvotes: 0
Views: 1337
Answers (1)
Reputation: 1002
Found the solution after much digging. I had to update /etc/letsencrypt/options-ssl-nginx.conf and add ssl protocols TLSv1.3 there, as well as add to ssl_ciphers TLS 1.3 ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:
Upvotes: 1
Related Questions
- Enable SSLv3 in nginx on debian server
- I have followed all instructions but cannot get TLS 1.3 on NGINX to show
- How to enable back TLSv1 and TLSv1.1 on nginx?
- SSL alert number 70 with TLSv1.3
- Nginx-1.19.6 + Openssl 1.1.1i - Can't do SSL handshake
- Nginx with TLS 1.3
- Nginx 1.15.6 with openssl 1.1.1 , EarlyData not sent
- TLS 1.3 not working eventhough everything seems ok
- How to disable TLS 1.0 in NGINX?
- nginx critical error with SSL handshaking