4

I have NGINX configured to only support TLS version 1.3 However when I go to https://check-your-website.server-daten.de/

It shows the error

Error creating a TLS-Connection: TLSv1.3 found, but no connection via TLSv1.2 possible. Please activate TLSv1.2

Isn't enabling only TLSv1.3 much safer? Why do we still need to enable TLSv1.2?

DavidH_Tech
  • 55
  • 7

1 Answers1

1

TLS 1.3 only, is possible with modern clients. Test with the oldest client version you will support for your users.

Mozilla's server TLS profiles and configuration generator remains a good resource.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34
  • Yeah, I guess SSL Labs is buggy then. A server that _only_ supports TLSv1.3 only gets an A, while a server that supports both TLSv1.3 and TLSv1.2 gets a A+ – DavidH_Tech Feb 24 '22 at 16:11