id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1901	Can not specify cipher list of just 'TLSv1.3'	jkman340@…		"I was testing different scenarios with using TLSv1.2 and TLSv1.3 and I can across a strange issue when specifying just TLSv1.3 for the cipher list. 

For example, in my site if i set the following:
        ssl_protocols                   TLSv1.3;
        ssl_ciphers                     TLSv1.3;
The server fails to start with the error:
nginx: [emerg] SSL_CTX_set_cipher_list(""TLSv1.3"") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)

However, I am able to specify the following:
        ssl_protocols                   TLSv1.2;
        ssl_ciphers                     TLSv1.2;
OR
        ssl_protocols                   TLSv1.3 TLSv1.2;
        ssl_ciphers                     TLSv1.2:TLSv1.3;
and the server will start successfully.

I am not sure why it is throwing an error on the first scenario, seems like a valid cipher list to me (And works with openssl)."	defect	closed	minor		other	1.17.x	invalid			Linux dev-01 4.4.0-170-generic #199-Ubuntu SMP Thu Nov 14 01:45:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux	"nginx version: nginx/1.17.6
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12) 
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --with-openssl=/usr/local/src/nginx/openssl-1.1.1d --without-http_ssi_module --without-http_userid_module --without-http_geo_module --without-http_auth_basic_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-pcre --with-http_ssl_module --with-stream --with-stream_ssl_module"