Problem; with Nginx configured as a reverse proxy to a TLS 1.3 back end I get a 502 bad gateway error from clients connecting to the proxy and Nginx error log fills with this;
2022/05/11 08:41:34 [error] 28335#28335: *296 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: xx.xx.xx.xx, server: something.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://xx.xx.xx.xx:443/favicon.ico", host: "something.example.com", referrer: "https://something.example.com/"
I already know if I allow TLS1.2 on the back end web server everything works.
I tried adding this to my reverse proxy configuration in the "server {" statement
proxy_ssl_protocol TLSv1.2 TLSv1.3;
That gets me this;
sudo nginx -t
nginx: [emerg] unknown directive "proxy_ssl_protocol" in /etc/nginx/sites-enabled/example.conf:21
nginx: configuration file /etc/nginx/nginx.conf test failed
I tried adding that to my server.conf in the "http {" section which gets me this error
sudo nginx -t
nginx: [emerg] unknown directive "proxy_ssl_protocol" in /etc/nginx/nginx.conf:36
nginx: configuration file /etc/nginx/nginx.conf test failed
Is that even the right statement? If so where do I put it?