id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 1901,Can not specify cipher list of just 'TLSv1.3',jkman340@…,,"I was testing different scenarios with using TLSv1.2 and TLSv1.3 and I can across a strange issue when specifying just TLSv1.3 for the cipher list. For example, in my site if i set the following: ssl_protocols TLSv1.3; ssl_ciphers TLSv1.3; The server fails to start with the error: nginx: [emerg] SSL_CTX_set_cipher_list(""TLSv1.3"") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match) However, I am able to specify the following: ssl_protocols TLSv1.2; ssl_ciphers TLSv1.2; OR ssl_protocols TLSv1.3 TLSv1.2; ssl_ciphers TLSv1.2:TLSv1.3; and the server will start successfully. I am not sure why it is throwing an error on the first scenario, seems like a valid cipher list to me (And works with openssl).",defect,closed,minor,,other,1.17.x,invalid,,,Linux dev-01 4.4.0-170-generic #199-Ubuntu SMP Thu Nov 14 01:45:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.17.6 built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12) built with OpenSSL 1.1.1d 10 Sep 2019 TLS SNI support enabled configure arguments: --with-openssl=/usr/local/src/nginx/openssl-1.1.1d --without-http_ssi_module --without-http_userid_module --without-http_geo_module --without-http_auth_basic_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-pcre --with-http_ssl_module --with-stream --with-stream_ssl_module"