Re: Unable to activate TLS1.3

2024-03-20 Thread Taco de Wolff
I figured it out. One of the servers that is listening on 443 uses "ssl_reject_handshake on;" and thus I didn't define an ssl_certificate + ssl_certificate_key + ssl_trusted_certificate as it is not (and should not be) required. For some reason, this disabled TLS1.3 for all servers quite unexpected

Unable to activate TLS1.3

2024-03-19 Thread Taco de Wolff
Hi, I'm using Nginx 1.25.4 with the OpenSSL 1.1.1k FIPS build on CentOS Stream 8 (FIPS not enabled). I have checked that the OpenSSL library can connect to other services using TLS1.3, and Postfix + Dovecot work fine on TLS1.3 as well, but Nginx doesn't seem to enable TLS1.3 as reported by SSLLabs