> 3. Why does the protocol come up (even with the openssl command) as > TLS_AES_256_GCM_SHA384 and not the TLS13 variants? ChaCha20-Poly1305 works > in TLS1.2 just fine.
You can look at https://github.com/openssl/openssl/pull/5392 The default TLSv1.3 ciphersuites (and the way those are configured (https://github.com/openssl/openssl/commit/f865b08143b453962ad4afccd69e698d13c60f77) ) have been changed to: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" Maybe a developer can comment on this as it could be that nginx isn't fully compatible (and works just because the tlsv1.3 ciphers are always enabled) with the latest openssl pre/beta-release... rr _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
