I'm hosting at Digital Ocean with Ubuntu 18.04, Nginx version 1.17.6, OpenSSL version 1.1.1. I believe those satisfy the requirements for TLS 1.3.

In my `/etc/nginx/nginx.conf` file I added TLSv1.3 like so: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;`

I have not changed anything in `/etc/nginx/sites-available/website.com`.

When I test my site in SSL Labs and elsewhere, TLSv1.3 is not working. It's still using TLSv1.2.

I checked `nginx -V`, and the --with-openSSL argument is not listed. I'm not sure if I have to rebuild my nginx with that flag.

Any pointers would be appreciated.

UPDATE: I rebuilt Nginx from source with OpenSSL 1.1.1. Still not working.

geochanto

1 Answer

Found the solution after much digging. I had to update `/etc/letsencrypt/options-ssl-nginx.conf` and add ssl protocols TLSv1.3 there, as well as add to `ssl_ciphers` the TLS 1.3 ciphers `TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:`

geochanto
  • Can you provide the full SSL ciphers which you used, and can you please provide the doc you referred to? I am also doing the same thing you did, but no changes – jayaprakash R Apr 11 '22 at 07:23
  • @jayaprakashR I'm afraid this was so long ago that I've forgotten most of what I did... so can't really help you beyond what's already mentioned here. – geochanto Apr 11 '22 at 23:06
  • What I do see for a site where I have a working TLSv1.3, is this config in my nginx.conf: ```ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on;``` – geochanto Apr 11 '22 at 23:17
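
The fix in the answer was an `ssl_protocols` line in an included file (`/etc/letsencrypt/options-ssl-nginx.conf`) rather than in `nginx.conf`. The script below is an added example, not part of the original post: it lists every `ssl_protocols` directive in an `nginx -T` dump and flags those without TLSv1.3. The function names and the sample dump are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Reads an `nginx -T` style dump
# on stdin and reports every active ssl_protocols directive with the file it
# came from, so an included file that omits TLSv1.3 is easy to spot.

audit_ssl_protocols() {
  awk '
    # nginx -T prefixes each file with "# configuration file <path>:"
    /^# configuration file / { file = $4; sub(/:$/, "", file); line = 0; next }
    { line++ }
    # Commented-out directives start with "#" and do not match this pattern.
    /^[[:space:]]*ssl_protocols[[:space:]]/ {
      if ($0 ~ /TLSv1\.3/) { status = "has-TLSv1.3" }
      else                 { status = "NO-TLSv1.3"; bad = 1 }
      printf "%s:%d %s\n", file, line, status
    }
    END { exit bad + 0 }   # non-zero when any directive leaves TLSv1.3 out
  '
}

# Constructed sample dump: file contents are illustrative, not copied from
# a real server. Paths follow the ones named in the question and answer.
sample_dump() {
  cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    include /etc/nginx/sites-enabled/*;
}

# configuration file /etc/nginx/sites-enabled/website.com:
server {
    listen 443 ssl;
    include /etc/letsencrypt/options-ssl-nginx.conf;
}

# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
EOF
}

# On a live server: nginx -T 2>/dev/null | audit_ssl_protocols
sample_dump | audit_ssl_protocols ||
  echo "at least one ssl_protocols directive omits TLSv1.3"
```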