I recently set up a site with
certbot --nginx -d <domain>. In
/etc/letsencrypt/options-ssl-nginx.conf, I added TLSv1.3 to the
ssl_protocols directive. However, when I visit the site (Chrome 68), the security tab shows TLSv1.2. I tested the site with ssllabs.com, which also showed only TLS versions 1.0-1.2 enabled.
I don't see any errors in
journalctl -u nginx.service | grep -i tls or
grep -i tls /var/log/nginx/*.log.
How could I troubleshoot this issue? I've checked all my config files and all my log files and haven't found the source of (or any information about) the problem.
Site config (generated by
OpenSSL 1.1.0g 2 Nov 2017
I did not even look at the rest of what you are doing but OpenSSL 1.1.0 simply does not support TLS 1.3 yet. TLS 1.3 is support starting with OpenSSL 1.1.1 only. See Using TLS1.3 With OpenSSL for more information.
nginx version: nginx/1.15.8 built by gcc 8.2.0 (Alpine 8.2.0) built with OpenSSL 1.1.1a 20 Nov 2018— Feb 01, 2019 at 13:53
External links referenced by this document: