Run 
openssl version

The problem is openssl is too old for TLS 1.3 using CentOS 7.

You might want to read this:
https://forums.centos.org/viewtopic.php?t=71848

I have seen threads on building openssl so that you can support TLS 1.3 on CentOS 7. The trouble is once you build something, it is your problem to update it.

If you are on a cloud server, you can create a CentOS 8 VPS and then migrate by transferring files via private IP. You can write a script of rsyncs. You will have to reinstall all the software again.

I suggest sticking with TLS 1.2.

Sent: March 11, 2020 8:49 PM
Subject: TLS 1.3 not offered and downgraded to a weaker protocol

Hi,

I am running nginx version: nginx/1.16.1 on CentOS Linux release 7.7.1908 (Core). I have configured ssl_protocols TLSv1.2 TLSv1.3; in /etc/nginx/nginx.conf
#nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now when I run testssl.sh (https://testssl.sh/), which is a tool for testing TLS/SSL encryption, I see the output below:

 Testing protocols via sockets except NPN+ALPN
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)

Any clue regarding "TLS 1.3    not offered and downgraded to a weaker protocol"? Please let me know if you need any additional information. Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal
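
Added example (not part of the original thread): the reply's first step, checking the OpenSSL version, written as a script. It reads the banner printed by `openssl version` or `nginx -V 2>&1` and compares it with OpenSSL 1.1.1, the first release with TLS 1.3 support. The function names and sample banners are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: can the OpenSSL named in a version banner negotiate TLS 1.3?
# TLS 1.3 support first shipped in OpenSSL 1.1.1.

# Print "major.minor.patch" from text such as the output of
# `openssl version` or `nginx -V 2>&1`. If a line names several OpenSSL
# versions, the greedy match keeps the last one on that line.
openssl_triplet() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if the version is >= 1.1.1, 1 if older, 2 if none was found.
supports_tls13() {
    _v=$(openssl_triplet "$1")
    [ -n "$_v" ] || return 2
    IFS=. read -r _maj _min _pat <<EOF
$_v
EOF
    [ "$_maj" -gt 1 ] && return 0
    [ "$_maj" -eq 1 ] && [ "$_min" -gt 1 ] && return 0
    [ "$_maj" -eq 1 ] && [ "$_min" -eq 1 ] && [ "$_pat" -ge 1 ] && return 0
    return 1
}

# Constructed sample banners (not captured from a real host).
# On a server, pass "$(openssl version)" or "$(nginx -V 2>&1)" instead.
for banner in \
    "OpenSSL 1.0.2k-fips  26 Jan 2017" \
    "built with OpenSSL 1.1.1g  21 Apr 2020"; do
    if supports_tls13 "$banner"; then
        echo "TLS 1.3 capable:     $banner"
    else
        echo "TLS 1.3 NOT capable: $banner"
    fi
done
```

When the check reports an older library, listing TLSv1.3 in ssl_protocols still passes `nginx -t`, which is the situation shown in the testssl.sh output above.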
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx