Maxim Dounin
August 15, 2019 10:04AM

On Thu, Aug 15, 2019 at 09:05:42AM -0400, TC_Hessen wrote:

> Hi,
> I am new to this forum, but not new to nginx. I am running multiple debian
> servers (stretch) with nginx 1.14.1 and TLS 1.3 support, i.e.
> nginx version: nginx/1.14.1
> built with OpenSSL 1.1.0f 25 May 2017 (running with OpenSSL 1.1.1c 28 May
> 2019)
> TLS SNI support enabled
> To prevent the servers agains the new bugs, I tried to upgrade directly to
> 1.17.3 provided by That works without any problems, but TLS 1.3
> is not running anymore:
> nginx version: nginx/1.17.3
> built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)
> built with OpenSSL 1.1.0j 20 Nov 2018 (running with OpenSSL 1.1.1c 28 May
> 2019)
> TLS SNI support enabled
> Where is the error?

OS you are using is shipped with OpenSSL 1.1.0j, and nginx is
built with this old OpenSSL version. As such, TLSv1.3 is not

There was a bug which made TLSv1.3 always enabled when was
compiled with OpenSSL 1.1.0 and running with OpenSSL 1.1.1, it was
fixed in nginx 1.15.6 and 1.14.2 (quote from

*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.

Since you were using nginx 1.14.1 previously, TLS 1.3 was enabled
due to this bug.

Maxim Dounin
nginx mailing list
Subject Author Posted

nginx-1.17.3 and TLS v1.3

TC_Hessen August 15, 2019 09:05AM

Re: nginx-1.17.3 and TLS v1.3

Anonymous User August 15, 2019 09:32AM

Re: nginx-1.17.3 and TLS v1.3

Maxim Dounin August 15, 2019 10:04AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 76
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready