Hello,

I was browsing https://onedev.polarian.dev while diagnosing the other SSL issue I was having, and I have realised that it only supports TLS 1.2, even though I have 1.3 enabled and loaded (confirmed with nginx -t).

When I use curl:

~ on ☁ took 2s ❯ curl -vI https://onedev.polarian.dev
* Trying 81.187.86.85:443...
* Connected to onedev.polarian.dev (81.187.86.85) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=onedev.polarian.dev
*  start date: Mar 14 07:49:09 2023 GMT
*  expire date: Jun 12 07:49:08 2023 GMT
*  subjectAltName: host "onedev.polarian.dev" matched cert's "onedev.polarian.dev"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/1.1
> HEAD / HTTP/1.1
> Host: onedev.polarian.dev
> User-Agent: curl/8.0.1
> Accept: */*
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx/1.22.1
Server: nginx/1.22.1
< Date: Fri, 24 Mar 2023 12:03:18 GMT
Date: Fri, 24 Mar 2023 12:03:18 GMT
< Content-Type: text/html;charset=utf-8
Content-Type: text/html;charset=utf-8
< Connection: keep-alive
Connection: keep-alive
< X-FRAME-OPTIONS: SAMEORIGIN
X-FRAME-OPTIONS: SAMEORIGIN
< Set-Cookie: JSESSIONID=node0ksf08v71egm01j4p388blz4e012.node0; Path=/; HttpOnly; SameSite=Lax
Set-Cookie: JSESSIONID=node0ksf08v71egm01j4p388blz4e012.node0; Path=/; HttpOnly; SameSite=Lax
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
Pragma: no-cache
< Cache-Control: no-cache, no-store
Cache-Control: no-cache, no-store
<
* Connection #0 to host onedev.polarian.dev left intact

I can see that TLS 1.3 is supported, but for some reason during the handshake it settles on TLS 1.2, why?

Thank you,
-- 
Polarian
GPG signature: 0770E5312238C760
Website: https://polarian.dev
JID/XMPP: polarian@polarian.dev
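
An added example, not part of the original message: a small parser for a curl -v trace like the one above. It reports the protocol from the "SSL connection using" summary line and lists the handshake records whose label differs from it. The function names and the abridged sample (copied from the trace above) are assumptions of this example.

```python
import re

# Trace lines copied from the curl -vI output in the message above (abridged).
SAMPLE_TRACE = """\
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
"""

RECORD = re.compile(r"^\* (TLSv[\d.]+) \((IN|OUT)\), ([^,]+), (.+?) \((\d+)\):$")
SUMMARY = re.compile(r"^\* SSL connection using (TLSv[\d.]+) / (\S+)$")
ALPN = re.compile(r"^\* ALPN: server accepted (\S+)$")

def summarize_trace(text):
    """Return negotiated protocol, cipher, ALPN and the per-record labels."""
    result = {"protocol": None, "cipher": None, "alpn": None, "records": []}
    for line in text.splitlines():
        line = line.strip()
        if m := RECORD.match(line):
            label, direction, _kind, name, _code = m.groups()
            result["records"].append((label, direction, name))
        elif m := SUMMARY.match(line):
            result["protocol"], result["cipher"] = m.groups()
        elif m := ALPN.match(line):
            result["alpn"] = m.group(1)
    # Records whose label is not the protocol named on the summary line.
    result["mismatched"] = [r for r in result["records"] if r[0] != result["protocol"]]
    return result

def meets_minimum(result, minimum="TLSv1.3"):
    """True when the summary-line protocol is at least `minimum` (usable as a CI gate)."""
    def ver(s):
        return tuple(int(p) for p in s[len("TLSv"):].split("."))
    return result["protocol"] is not None and ver(result["protocol"]) >= ver(minimum)

if __name__ == "__main__":
    r = summarize_trace(SAMPLE_TRACE)
    print(r["protocol"], r["cipher"], r["alpn"], r["mismatched"], meets_minimum(r))
```

On this trace only the Client hello and Server hello records carry the TLSv1.3 label; every later record and the summary line say TLSv1.2.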