On 7/21/20 4:20 AM, cryptearth wrote: > first of: as I'm not sure what's causing this issue I'll post this question on these locations: > opensuse official forums https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2 > apache httpd mailing list > openssl mailing list > > As OpenSuSE 15.2 recently released with openssl 1.1.1 in its repos it's now possible to use TLSv1.3 with Apache2 out of the box. > As I use the TLS test on ssllabs.com as a reference I encountered some issues I'd like to ask for help to fix. > First of, as most important, the used versions: > > apache2: 2.4.43-lp152.1.1 > openssl: 1.1.1d-lp152.1.1 > > And here's the config (only used ssl-global.conf for this test): > > SSLProtocol -all +TLSv1.2 +TLSv1.3 > SSLCipherSuite > TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384HE-RSA-AES256-GCM-SHA384 Try replacing the one SSLCiphersuite directive above with the below two ones: SSLCipherSuite ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 See http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite Regards Rüdiger
