openssl – Nginx with only TLS1.3 cipher suites

I am trying to configure Nginx to use only TLS1.3 with 2 ciphers: TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256.

So, I tried this configuration:

ssl_protocols TLSv1.3;
ssl_ciphers TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256;

But nginx -s reload errors out with

nginx: (emerg) SSL_CTX_set_cipher_list("TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)", "operationName": "Default", "category": "Default"}

Looks like I need to append at least one non-TLS1.3 cipher to make the config work. I tried various such combinations and they worked. One of them is:


Why is it so? I think it’s happening because OpenSSL itself doesn’t accept the original ciphersuite string. I am using OpenSSL-1.1.1g.

root@2ed6cae6e062:/azure/appgw# openssl ciphers -v TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256
Error in cipher list
140686067873536:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2558:

There are some useful links I came across but couldn’t figure out how to achieve what I want – using only TLS1.3 ciphersuites.,284909,284914#msg-284914

tls – Why does TLS1.3 use same cipher suite for RSA and ECC key pairs?

As per this answer RSA and ECC certificates should use different cipher suites. I tried to test it. It holds true for TLSv1.2. But for TLSv1.3 I see same cipher suite being used for both types of certificates(Tested via Google Chrome=>Dev Tools=>Security). Why is that?

Here is how I generated an ECC cert:

openssl ecparam -out nginx.key -name prime256v1 -genkey
openssl req -new -key nginx.key -out csr.pem
openssl req -x509 -nodes -days 365 -key nginx.key -in csr.pem -out nginx.pem

Generating RSA cert:

 openssl genrsa -out rsa.key 2048
 openssl req -x509 -new -nodes -key rsa.key -days 7300 -out rsa.pem

With TLS1.3 both the certs result in usage of same cipher suite:

The connection to this site is encrypted and authenticated using TLS 1.3,
 X25519, and AES_256_GCM.

With TLS1.2, RSA cert:

    The connection to this site is encrypted and authenticated using TLS 1.2,
 ECDHE_RSA with X25519, and AES_256_GCM.

With TLS1.2, ECC cert:

The connection to this site is encrypted and authenticated using TLS 1.2, 
ECDHE_ECDSA with X25519, and AES_256_GCM.

tls – Does upgrading to TLS1.3 require Certificate update?

I currently provide solutions to customers backed by Nginx. So far I was using OpenSSL 1.0.2 which means that my Nginx can only offer TLS1.1 and TLS1.2.

In order to allow my customers to use TLS1.3 I am upgrading my OpenSSL to 1.1.1.

My question is this – will my customers have to update/upgrade their certificates if I do this? Will their existing certificates work fine and support the newer Cipher Suites offered by TLS1.3?

From whatever I have read on this forum and other places, my understanding is that the certificate is completely independent of which TLS version and which Cipher suite is used. Is that correct?

Are there Windows OpenVPN 2.4.7 versions compiled with OpenSSL 1.1.1 for TLS1.3 support?

Since February 2019, the default Windows OpenVPN 2.4.7 is currently compiled with OpenSSL 1.1.0j. As a result, it still does not seem to be compatible with TLS 1.3. (tls-version-min 1.3 and tls-ciphersuites orders are unavailable.)

I'm wondering if there are Windows OpenVPN 2.4.7 versions that support TLS1.3?