nginx TLS 1.3 doesn't seem to work




Hello,

I was browsing https://onedev.polarian.dev while diagnosing the other SSL issue I was having, and I have realised that it only supports TLS 1.2, even though I have 1.3 enabled and loaded (confirmed with nginx -t)

When I use curl:

~ on ☁   took 2s
❯ curl -vI https://onedev.polarian.dev
*   Trying 81.187.86.85:443...
* Connected to onedev.polarian.dev (81.187.86.85) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=onedev.polarian.dev
*  start date: Mar 14 07:49:09 2023 GMT
*  expire date: Jun 12 07:49:08 2023 GMT
* subjectAltName: host "onedev.polarian.dev" matched cert's "onedev.polarian.dev"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/1.1
> HEAD / HTTP/1.1
> Host: onedev.polarian.dev
> User-Agent: curl/8.0.1
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx/1.22.1
Server: nginx/1.22.1
< Date: Fri, 24 Mar 2023 12:03:18 GMT
Date: Fri, 24 Mar 2023 12:03:18 GMT
< Content-Type: text/html;charset=utf-8
Content-Type: text/html;charset=utf-8
< Connection: keep-alive
Connection: keep-alive
< X-FRAME-OPTIONS: SAMEORIGIN
X-FRAME-OPTIONS: SAMEORIGIN
< Set-Cookie: JSESSIONID=node0ksf08v71egm01j4p388blz4e012.node0; Path=/; HttpOnly; SameSite=Lax
Set-Cookie: JSESSIONID=node0ksf08v71egm01j4p388blz4e012.node0; Path=/; HttpOnly; SameSite=Lax
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
Pragma: no-cache
< Cache-Control: no-cache, no-store
Cache-Control: no-cache, no-store

<
* Connection #0 to host onedev.polarian.dev left intact

I can see that TLS 1.3 is supported, but for some reason during the handshake it settles on TLS 1.2, why?

Thank you,
--
Polarian
GPG signature: 0770E5312238C760
Website: https://polarian.dev
JID/XMPP: polarian@xxxxxxxxxxxx

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
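
Added example, not part of the original message: a small Python reader for a curl -v trace like the one above, which takes the "SSL connection using" line as the negotiated result and flags handshake messages that only occur in TLS 1.2 and earlier. The function names and the SAMPLE_TRACE excerpt are constructed for this illustration.

```python
import re

# Constructed sample: a subset of the curl -vI lines quoted in the message.
SAMPLE_TRACE = """\
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
"""

MSG = re.compile(r"^\*\s+(TLSv[\d.]+) \((IN|OUT)\), TLS handshake, (.+?) \(\d+\):")
USING = re.compile(r"^\*\s+SSL connection using (TLSv[\d.]+) / (\S+)")
ALPN_OFFER = re.compile(r"^\*\s+ALPN: offers (\S+)")
ALPN_ACCEPT = re.compile(r"^\*\s+ALPN: server accepted (\S+)")

def summarize(trace):
    """Extract negotiated version/cipher, ALPN and inbound handshake messages."""
    s = {"negotiated": None, "cipher": None,
         "alpn_offered": [], "alpn_accepted": None, "server_msgs": []}
    for line in trace.splitlines():
        line = line.strip()
        if m := USING.match(line):
            s["negotiated"], s["cipher"] = m.group(1), m.group(2)
        elif m := ALPN_OFFER.match(line):
            s["alpn_offered"] = m.group(1).split(",")
        elif m := ALPN_ACCEPT.match(line):
            s["alpn_accepted"] = m.group(1)
        elif (m := MSG.match(line)) and m.group(2) == "IN":
            s["server_msgs"].append(m.group(3))
    return s

def findings(s, want="TLSv1.3"):
    """Return human-readable notes when the session is not the wanted version."""
    notes = []
    if s["negotiated"] != want:
        notes.append(f"negotiated {s['negotiated']} with {s['cipher']}, not {want}")
    # TLS 1.3 has no ServerKeyExchange message; key shares travel in the hellos.
    if "Server key exchange" in s["server_msgs"]:
        notes.append("ServerKeyExchange seen: only sent in TLS 1.2 and earlier")
    if s["alpn_accepted"] and s["alpn_offered"][:1] not in ([], [s["alpn_accepted"]]):
        notes.append(f"ALPN: client preferred {s['alpn_offered'][0]}, "
                     f"server accepted {s['alpn_accepted']}")
    return notes

if __name__ == "__main__":
    for note in findings(summarize(SAMPLE_TRACE)):
        print(note)
```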

