SteveLTN / https-portal

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.
MIT License

Does not support TLS 1.3 #301

Closed MarcelWaldvogel closed 2 years ago

MarcelWaldvogel commented 2 years ago

I recently ran Qualys SSLTest across one of my domains and was surprised to find that TLS 1.3 was not recognized. (Confirmed by tls.imirhil.fr and Firefox; did not find out how to see the TLS version in Chrome).

From this SO answer, I tried the following:

I have not tried switching to his docker image yet, as this is Alpine-based, probably a larger adaptation required.

SteveLTN commented 2 years ago

I have tried several things from various places, but have had no luck yet.

SteveLTN commented 2 years ago

I did find how to see it in Chrome though. It's in the Security tab. Makes testing a bit faster.

gerold-penz commented 2 years ago

Hello, can it be that it does not work only because Https-Portal uses an old Nginx version? nginx:latest is on version 1.23.1 at the moment. Https-Portal is currently using version 1.21.3. TLS 1.3 is becoming more and more important. TLS-Checker (https://www.cdn77.com/tls-test) complains on my websites that TLS 1.3 is not enabled. I'm afraid I don't know how to help. I would like to see an update from Https-Portal to a newer Nginx version if I could wish for something. Thanks a lot for your super work. With kind regards, Gerold :-)


SteveLTN commented 2 years ago

I will try tomorrow! I expect it to work out of the box with a newer version of Nginx, but should probably do some testing anyways.


SteveLTN commented 2 years ago

Fixed with the HTTPS-PORTAL 1.22 release.

gerold-penz commented 2 years ago

Thank you! :-)

gerold-penz commented 2 years ago

I just tried it on a test server with CUSTOM_NGINX_SERVER_CONFIG_BLOCK.

environment:
  ...
  CUSTOM_NGINX_SERVER_CONFIG_BLOCK: |
    ssl_protocols TLSv1.2 TLSv1.3;

Works so far without any problems. :-)

gerold-penz commented 2 years ago

Addendum: CUSTOM_NGINX_SERVER_CONFIG_BLOCK is not necessary. It works also without this setting.