ssl_reject_handshake disallow TLSv1.3

rjvbzeoibvpzie Tue, 08 Feb 2022 03:18:38 -0800

ssl_protocols  TLSv1.2 TLSv1.3;

server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}


This does not allow ANY other server to be reached with TLSv1.3

server {
    listen 443 ssl default_server;
    ssl_certificate ssl/cert.pem;
    return 444;
}

This allow ANY server to be reached with TLSv1.2 or TLSV1.3 (as
configured).

See
https://stackoverflow.com/questions/71023951/ssl-alert-number-70-with-tlsv1-3/71032567#71032567

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,293611,293611#msg-293611

_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org

ssl_reject_handshake disallow TLSv1.3

Reply via email to