'SSL alert number 70 with TLSv1.3

# nginx -V
nginx version: nginx/1.21.4
built with OpenSSL 1.1.1f  31 Mar 2020

I've configured nginx to support TLSv1.3.

ssl_protocols  TLSv1.2 TLSv1.3;

but i can't reach my host using TLSv1.3:

# openssl s_client -connect hostname.com:443 -tls1_3
CONNECTED(00000003)
140544753464640:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70
---
no peer certificate available
...

only TLSv1.2 works:

# openssl s_client -connect hostname.com:443 -tls1_2
CONNECTED(00000003)
...

Any host, like google.com or cloudflare.com connects fine using the same openssl command.

Of course, SSL Labs test also confirms TLSv1.3 support not enabled.

enter image description here

I've also read this thread and double-checked and I have one and only ssl_protocols line by cd /etc/nginx; grep -rl "ssl_protocols" which only outputs one file.

nginxtls1.3


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Nginx getting the event "ngx_master_****" was not signaled for 5s

Valid characters in nginx upstream name

Nginx proxy_pass with $remote_addr

Nginx the event was not signaled for 5s

how to serve static files through nginx and django in windows

The Streamlit app stops with "Please wait... " and then stops

The Streamlit app stops with "Please wait... " and then stops

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Locate the nginx.conf file my nginx is actually using

Angular SPA with Custom --base-href and Nginx Routing

What does "trust proxy" actually do in express.js, and do I need to use it?

Nginx ingress controller not giving metrics for prometheus

(13: Permission denied) while connecting to upstream:[nginx]

Ubuntu Nginx/Laravel 500 Internal Server Error