[Pkg-nginx-maintainers] Bug#944006: nginx-extras missing TLS1.3
Florent CARRÉ
colundrum at gmail.com
Sat Nov 2 17:15:55 GMT 2019
Package: nginx-extras
Version: 1.14.2-2+deb10u1
When I modify to have exclusively TLS1.2 and TLS1.3, just TLS1.2 is available.
Steps to reproduce :
- switch to ssl_protocols TLSv1.2 TLSv1.3
- restart nginx
- curl -v --tlsv1.3 mydomain.com
I obtain :
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, protocol version (582):
* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
* Closing connection 0
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert
protocol version
And it's available in openssl : openssl ciphers -v | grep " TLSv1\.3 "
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
Regards
More information about the Pkg-nginx-maintainers
mailing list