Opened 15 months ago
Closed 15 months ago
#2538 closed defect (duplicate)
Site has TLS 1.2 connection despite being configured with TLS 1.3 only
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | documentation | Version: | 1.25.x |
Keywords: | | Cc: | |
uname -a: | Linux smoon.bkoty.ru 6.5.0-rc7-next-20230825-1-next-git-12910-g626932085009 #1 SMP PREEMPT_DYNAMIC Fri, 25 Aug 2023 22:20:42 +0000 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.25.2
built with OpenSSL 3.1.2 1 Aug 2023 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-cc-opt='-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -g -ffile-prefix-map=/build/nginx-mainline/src=/usr/src/debug/nginx-mainline -flto=auto' --with-ld-opt='-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto' --with-compat --with-debug --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-pcre-jit --with-stream --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads |
Description
Hello,
I'm running nginx on Archlinux.
I configured nginx to establish only TLS 1.3 connections and all was fine until version 1.25.2, but with 1.25.2 both curl and ssllabs show me that the site is also available with TLS 1.2.
To make nginx force only TLS 1.3 I used the OPENSSL_CONF variable pointing to a file with content
with the following configuration for the site
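Added example, not part of the ticket and not nginx project code: a check for the reported symptom that attempts one handshake pinned to each protocol version with Python's standard `ssl` module and lists the versions a server accepts outside the allowed set. The names `probe`, `audit` and `simulated_probe`, the `allowed` policy and the `simulated.invalid` host are assumptions of this example.

```python
import socket
import ssl
import sys

# Versions probed: the ticket concerns TLS 1.2 on a TLS 1.3-only site.
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2,
            "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port, version, timeout=5.0):
    """Try one handshake pinned to `version`; return the negotiated
    protocol name (e.g. "TLSv1.2"), or None if the handshake fails."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is under test, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname sends SNI so the intended virtual host answers.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None

def simulated_probe(host, port, version):
    """Constructed stand-in for probe(): a server that accepts both
    versions, which is the behaviour the ticket reports."""
    return next(name for name, ver in VERSIONS.items() if ver == version)

def audit(host, port=443, allowed=("TLSv1.3",), probe_fn=probe):
    """Return (unexpected, missing): versions accepted although not
    allowed, and allowed versions the server refused."""
    accepted = [name for name, ver in VERSIONS.items()
                if probe_fn(host, port, ver) == name]
    unexpected = [name for name in accepted if name not in allowed]
    missing = [name for name in allowed if name not in accepted]
    return unexpected, missing

if __name__ == "__main__":
    # With a hostname argument probe it; without one run the simulation.
    live = len(sys.argv) > 1
    host = sys.argv[1] if live else "simulated.invalid"
    unexpected, missing = audit(host, probe_fn=probe if live else simulated_probe)
    print("accepted but not allowed:", unexpected or "none")
    print("allowed but refused:", missing or "none")
    sys.exit(1 if unexpected or missing else 0)
```

The exit status is non-zero when the server's accepted versions differ from the policy, so the script can run as a post-upgrade check.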