So, I don't run the NGINX webserver, but I am pretty sure this is on the
remote server to serve the protocol right. SSLLabs test shows that TLS
1.3 is just not offered.
https://www.ssllabs.com/ssltest/analyze.html?d=nginx.org&s=3.125.197.172&latest
There's three other IPs (one IPv4 and two IPv6) that will very likely
reflect the same tests as well.
So to answer your original question:
> What have I done wrong or if it is your problem?
You didn't do anything wrong. TLS 1.2 is the only protocol that's
offered for SSL/TLS connections to the nginx.org site.
Thomas
On 1/21/21 11:50 PM, David Hu wrote:
So I have to downgrade to TLS v1.2. The full command input and the connection
process can be shown as follows:
./curl -vvvvv --http2-prior-knowledge --tlsv1.2 https://nginx.org
* Trying 52.58.199.22:443...
* Connected to nginx.org (52.58.199.22) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: D:\curl-7.74.0_2-win64-mingw\bin\curl-ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=nginx.org
* start date: Oct 29 16:45:05 2020 GMT
* expire date: Jan 27 16:45:05 2021 GMT
* subjectAltName: host "nginx.org" matched cert's "nginx.org"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
GET / HTTP/1.1
Host: nginx.org
User-Agent: curl/7.74.0
Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.19.0
< Date: Fri, 22 Jan 2021 04:43:32 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 12676
< Last-Modified: Tue, 15 Dec 2020 14:58:52 GMT
< Connection: keep-alive
< Keep-Alive: timeout=15
< ETag: "5fd8cf2c-3184"
< Accept-Ranges: bytes
<
So I neogotiate with your server to force use HTTP/2 (i.e. H2) and ALPN is
offering H2 and HTTP/1.1 but at the finally I only get the HTTP version
HTTP/1.1 not H2. The same cURL specs and versions and specs as the above
message. What have I done wrong or if it is your problem?
Thanks again.
Regards,
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
