Closed MarcelWaldvogel closed 2 years ago
I have tried several things from various places. Have no luck yet.
I did find how to see it in Chrome though. It's in Security
tab. Makes testing a bit faster.
Hello,
can it be that it does not work only because Https-Portal uses an old Nginx version? nginx:latest
is on version 1.23.1
at the moment. Https-Portal is currently using version 1.21.3
.
TLS 1.3 is becoming more and more important. TLS-Checker complains on my websites that TLS 1.3 is not enabled. I'm afraid I don't know how to help.
I would like to see an update from Https-Portal to a newer Nginx version if I could wish for something.
Thanks a lot for your super work.
With kind regards, Gerold :-)
Translated with www.DeepL.com/Translator (free version)
I will try tomorrow! I expect it to work out of the box with newer version of Nginx, but should probably do some testing anyways.
On Sat, 6 Aug 2022 at 4:04 PM Gerold Penz @.***> wrote:
Hello, can it be that it does not work only because Https portal uses an old Nginx version? nginx:latest is on version 1.23.1 at the moment. Https portal is currently using version 1.21.3. TLS 1.3 is becoming more and more important. TLS-Checker https://www.cdn77.com/tls-test complains on my websites that TLS 1.3 is not enabled. I'm afraid I don't know how to help. I would like to see an update from Https portal to a newer Nginx version if I could wish for something. Thanks a lot for your super work. With kind regards, Gerold :-)
Translated with www.DeepL.com/Translator (free version)
— Reply to this email directly, view it on GitHub https://github.com/SteveLTN/https-portal/issues/301#issuecomment-1207171115, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAD4AZ7XGVOPDGBOKHPL4J3VXYMBZANCNFSM5KG4RGTA . You are receiving this because you commented.Message ID: @.***>
Fixed with HTTPS-PORTAl 1.22 release.
Thank you! :-)
I just tried it on a test server with CUSTOM_NGINX_SERVER_CONFIG_BLOCK.
environment:
...
CUSTOM_NGINX_SERVER_CONFIG_BLOCK: |
ssl_protocols TLSv1.2 TLSv1.3;
Works so far without any problems. :-)
Addendum: CUSTOM_NGINX_SERVER_CONFIG_BLOCK is not necessary. It works also without this setting.
I recently ran Qualys SSLTest across one of my domains and was surprised to find that TLS 1.3 was not recognized. (Confirmed by tls.imirhil.fr and Firefox; did not find out how to see the TLS version in Chrome).
From this SO answer, I tried the following:
ssl_protocols TLSv1.2 TLSv1.3;
todefault.ssl.conf.erb
, andssl_ciphers
there (to revert to Nginx default settings) or set it to the value in the SO post.libssl1.1
is at least 1.1.1I have not tried switching to his docker image yet, as this is Alpine-based, probably a larger adaptation required.