I figured it out. One of the servers that is listening on 443 uses
"ssl_reject_handshake on;" and thus I didn't define an ssl_certificate +
ssl_certificate_key + ssl_trusted_certificate as it is not (and should not
be) required. For some reason, this disabled TLS1.3 for all servers, quite
unexpectedly.

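
A lint check for the configuration described in the reply above, added here as an example and not code from the thread: it scans nginx configuration text for `server` blocks listening on 443 that set `ssl_reject_handshake on;` without an `ssl_certificate`. The sample config, its file paths and the function names are constructed for illustration, and the parser is a simplification that does not follow `include` files or handle `#` inside quoted strings.

```python
import re

# Constructed sample config (not from the thread): a catch-all 443 server that
# rejects handshakes and has no certificate, plus a normal virtual host.
SAMPLE_CONF = """
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}
server {
    listen 443 ssl;
    server_name www.example.test;
    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;
    location / { return 200; }
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, tracking nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (simplified)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument strings of every `name ...;` directive in a block."""
    return re.findall(r"(?:^|[;{}\s])" + re.escape(name) + r"\s+([^;]+);", body)

def reject_without_cert(conf):
    """Return the listen arguments of 443 servers that set ssl_reject_handshake on
    but define no ssl_certificate (the setup the poster describes)."""
    hits = []
    for body in server_blocks(conf):
        listens = [l for l in directive(body, "listen") if re.search(r"\b443\b", l)]
        reject = any(v.strip() == "on" for v in directive(body, "ssl_reject_handshake"))
        if listens and reject and not directive(body, "ssl_certificate"):
            hits.extend(" ".join(l.split()) for l in listens)
    return hits

if __name__ == "__main__":
    for listen in reject_without_cert(SAMPLE_CONF):
        print("review: ssl_reject_handshake without a certificate on listen", listen)
```
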
Hi,
I'm using Nginx 1.25.4 with the OpenSSL 1.1.1k FIPS build on CentOS Stream
8 (FIPS not enabled). I have checked that the OpenSSL library can connect
to other services using TLS1.3 and Postfix + Dovecot work fine on TLS1.3 as
well, but Nginx doesn't seem to enable TLS1.3 as reported by SSLLabs