On my company we are trying to be compatible with tls 1.3 protocol, but we aren't able to achieve it, for now we use 1.2 version of the protocol.
For updating it I've saw that it's enough by adding this line:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
on our nginx conf file but it is not working, moreover it gives the 403 I've mentionated earlier by doing this, without this lane it works like a charm.
This is our whole configuration file:
server {
listen 81 ssl http2 default_server;
listen [::]:81 ssl http2 default_server;
server_name test.testhost.es;
ssl_certificate conf.d/x-certificates/wildCard_x.crt;
ssl_certificate_key conf.d/x-certificates/wildCard_x.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html =404;
}
}
What i'm doing wrong? Thanks in advance!
question from:https://stackoverflow.com/questions/65938721/403-forbidden-when-changing-ssl-protocols-on-nginx
