In my tests, I used NGINX with these TLS-related params:

# grep -r ssl_ /etc/nginx/nginx.conf /etc/nginx/conf.d/ /etc/nginx/sites-enabled/
/etc/nginx/nginx.conf:  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
/etc/nginx/nginx.conf:  ssl_prefer_server_ciphers on;
/etc/nginx/conf.d/ssl.conf:ssl_ciphers         TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
/etc/nginx/conf.d/ssl.conf:ssl_session_cache   shared:SSL:1m;
/etc/nginx/conf.d/ssl.conf:ssl_session_timeout 1d;
/etc/nginx/conf.d/ssl.conf:ssl_session_tickets off;
/etc/nginx/conf.d/ssl.conf:ssl_certificate     /etc/nginx/certs/sdeziel.info/fullchain.pem;
/etc/nginx/conf.d/ssl.conf:ssl_certificate_key /etc/nginx/certs/sdeziel.info/privkey.pem;
/etc/nginx/conf.d/ssl.conf:ssl_stapling on;


I used many variations of ssl_ciphers and ssl_protocols to no avail. My main
goal is to have TLS 1.3 and 1.2 enabled with the cipher list from above, but
that doesn't work, as seen here:

https://dev.ssllabs.com/ssltest/analyze.html?d=sdeziel.info&s=2001%3a470%3ab1c3%3a7942%3a0%3a0%3a0%3a80&hideResults=on&latest

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf
