Unable to get 100% score without violating TLS 1.3 spec?

[qwertychouskie]

As per https://serverfault.com/a/1033444:

Nginx doesn't support configuring TLS 1.3 cipher suites like this, and you shouldn't, as per RFC 8446, 9.1 there are Mandatory-to-Implement Cipher Suites.

A TLS-compliant application MUST implement the TLS_AES_128_GCM_SHA256 [GCM] cipher suite and SHOULD implement the TLS_AES_256_GCM_SHA384 [GCM] and TLS_CHACHA20_POLY1305_SHA256 [RFC8439] cipher suites (see Appendix B.4).

Either this limitation should be documented somewhere, or an exception should be added for TLS_AES_128_GCM_SHA256 to not lower the score.

[ArchangeGabriel]

Related : #882, #858, #636, #602…

[catharsis71]

Interesting that NGINX doesn't allow that... Apache absolutely does. In reality, (usually) nothing bad happens if you "break" an RFC, assuming you test thoroughly to ensure you're not losing any compatibility. I've had TLS_AES_128_GCM_SHA256 disabled in Apache on multiple servers for years and it has caused zero problems or compatibility issues.

They're Requests For Comments not actual laws and they aren't necessarily kept up-to-date with current security practices.

Sometimes it's a choice between security and RFC-compliance and the correct answer is usually "it depends"

[ArchangeGabriel]

The bit on nginx is quite outdated as setting them is definitively possible now using ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256; for instance.

[masterflitzer]

even if nginx doesnt allow it (which was the case when i looked into it) you can just configure it in your openssl.cnf

[adrelanos]

nginx configuration for disabling 128 bit ciphers:

ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;

credits: https://dustri.org/b/disabling-128-bits-ciphers-on-tls13-on-nginx.html