Bug: TLS 1.3 not working #1475
Comments
So that makes sense why explicitly adding the The no-default site actually used to have that. See #1414 where I changed it to remove the need for a generated SSL cert. Did your proposed fix work? I'm not sure if |
My fix works in my case, with ssl enabled. Didn't get to try without ssl. There is also this (from https://trac.nginx.org/nginx/ticket/2073):
|
Looks like that OpenSSL issue is resolved but I'd have to confirm what versions are on Ubuntu 20.04 + 22.04. I'd really rather avoid going back to the old way of having to generate a certificate. At least it's working for you so far 🤞 |
Ubuntu 20.04: I think we need |
Do you experience this issue: That over HTTP/2 only one or two concurrent requests are made, e.g. viewing the media library thumbnail view and only one or two images are downloading sequentially (disable cache in Chrome Dev Tools network tab for testing this)? I have this issue with one particular Trellis/ Edit: After adding a further domain and re-provisioning the issue was resolved. Just forcing the certificate for the existing domains to regenerate alone did not resolve the issue. |
Description
What's wrong?
TLS1.3 is not working on one of my servers, with the current trellis ssl config.
For context: it's a satispress server on a subdomain, e.g. https://satis.mydomain.com. This is preventing the latest composer versions from accessing this server, as it requires http2, and http2 requires tls1.3.
TLS1.2 is working fine.
The culprit config lines seem to be
trellis/roles/wordpress-setup/templates/no-default.conf.j2
Lines 16 to 23 in c9fa841
If I comment it out, TLS1.3 works again.
I've read that for TLS1.3 to work, every server block needs to include the ssl configuration.
A simple fix could be to add
to the no-default ssl conf, but I'm not sure of the implications.
Steps To Reproduce
Not sure, the issue could be specific to my setup (subdomain, etc..)
Expected Behavior
TLS1.3 works.
Actual Behavior
TLS1.3 is not offered, as a tool like https://geekflare.com/tools/tls-scanner shows.
Relevant Log Output
The Qualys test shows an A+ grade, but in the detailed log, I can see that TLS1.3 is not offered.
Versions
1.20.0
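
A local check for the symptom reported above, added here as an example and not code from Trellis or from the reporter: it pins the client to a single TLS version per handshake and reports which versions the server completes, so the result can be compared before and after changing the no-default server block. The hostname `satis.example.test` and the function names `probe` and `diagnose` are placeholders chosen for this example.

```python
import socket
import ssl

VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def probe(host, port=443, sni=None, timeout=5.0):
    """Attempt one handshake per TLS version, pinned via min/max version.

    Returns {name: negotiated version string, or None if that handshake failed}.
    """
    results = {}
    for name, version in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # this probe tests protocol support only,
        ctx.verify_mode = ssl.CERT_NONE  # not certificate validity
        ctx.minimum_version = version
        ctx.maximum_version = version
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                # SNI selects the nginx server block; default to the host name
                with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
                    results[name] = tls.version()
        except OSError:                  # ssl.SSLError is a subclass of OSError
            results[name] = None
    return results


def diagnose(results):
    """Turn probe() output into a one-line finding."""
    has12, has13 = results.get("TLSv1.2"), results.get("TLSv1.3")
    if has12 and has13:
        return "ok: TLS 1.2 and TLS 1.3 offered"
    if has12:
        return "TLS 1.3 not offered (TLS 1.2 only), the symptom in this issue"
    if has13:
        return "TLS 1.3 only"
    return "no TLS handshake completed (unreachable or handshake rejected)"


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "satis.example.test"  # placeholder
    found = probe(host)
    print(host, found, diagnose(found))
```

Run it against the affected hostname once with the no-default block in place and once with it commented out; the `sni` argument lets the same address be probed under a different server name.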