id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
2097	Unable to enable TLSv1.3	sdranju@…		"Nginx for Windows.
Enabled TLS v1.3 however it's not getting active.

Nginx config:
        listen *:443 ssl http2;
        listen [::]:443 ssl http2;

        server_name xxx.xxxx.com;
        
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_certificate /nginx/certs/chain.pem;
        ssl_certificate_key /nginx/certs/key.pem;

        ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; 
        
        # HSTS 
        add_header Strict-Transport-Security ""max-age=63072000"" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;
"	defect	closed	major		nginx-core	1.19.x	worksforme			[windows version]	"nginx version: nginx/1.19.4
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.1.1h  22 Sep 2020
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=lo
gs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te
mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-s
cgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv
c8/lib/pcre-8.44 --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-http_v2_module --with-http_realip_module --with-http_addi
tion_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-h
ttp_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_rand
om_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-openssl=objs.ms
vc8/lib/openssl-1.1.1h --with-openssl-opt='no-asm no-tests -D_WIN32_WINNT=0x0501' --with-http_ssl_module --with-mail_ssl
_module --with-stream_ssl_module
"