wangfeng22 commented on issue #8126: URL: https://github.com/apache/apisix/issues/8126#issuecomment-1286366593
> > > Which TLS version are you trying to use? Also, please check apisix config.yaml to know the supported TLS versions. > > > > > > This is my openssl version. > > ``` > > openssl version > > OpenSSL 1.0.2k-fips 26 Jan 2017 > > ``` > > > > > > > > > > > > > > > > > > > > > > > > I use the config-default.yaml configuration. > > ``` > > ssl_protocols: TLSv1.2 TLSv1.3 > > ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 > > ssl_session_tickets: false # disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless. > > ``` > > Oops. I didn't notice it's a TLS handshaking error with upstream. The default SSL protocol APISIX uses to communicate with upstream is `TLSv1 TLSv1.1 TLSv1.2`. Please make sure if your upstream service doesn't support some of them. So should I change `ssl_protocols: TLSv1.2 TLSv1.3` to `ssl_protocols: TLSv1 TLSv1.1 TLSv1.2` ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org