儘管有 Openssl 1.1.1g，但啟用 Nginx TLSv1.3 錯誤

我有 Nginx 1.18.0 和 OpenSSL 啟用 v1.1.1g。我知道在此版本之前無法啟用 TLSv1.3，但即使使用此版本也是不可能的。如果我檢查 ssl checkers 網站，它的啟用 v1.2 完全沒有任何錯誤，但不是 v1.3

任何想法可能是什麼原因造成的？

nginx 配置

server {
   listen  443 ssl default_server;

       server_name www.website.com;

   #### REAL SSL STARTS ####
   ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
   ssl_certificate_key /etc/nginx/ssl/STAR_website_com.pem;
   ssl_prefer_server_ciphers on;
   ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
   proxy_ssl_protocols TLSv1.2 TLSv1.3;
   ### REAL SSL ENDS    ####
#   proxy_cookie_path / "/; HTTPOnly; Secure";
#

  
   access_log /var/log/nginx/website443.access.log;
       #access_log /var/log/nginx/domains/website.com.au.bytes bytes;
       error_log /var/log/nginx/domains/website443.com.error.log;

       #access_log /var/log/nginx/website.com.au.access.log;
       #error_log /var/log/nginx/website.com.au.error.log;
       #php-fpm log  /usr/log/www.access.log

Nginx -V

[root@test2-au ssl]# nginx -V
nginx version: nginx/1.18.0
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)
built with **OpenSSL 1.1.1g**  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_geoip_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-1.1.1g --with-http_v2_hpack_enc --add-dynamic-module=modules/ngx_modsecurity-1.0.1 --add-module=modules/ngx_headers_more-0.33 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_module_vts-0.1.18 --add-module=modules/ngx_pagespeed-1.13.35.2-stable --add-module=modules/ngx_brotli-snap20200506 --add-module=modules/ngx_http_geoip2_module-3.3 --add-module=modules/ngx_echo-0.61

打開ssl版本

[root@test2-au ssl]# openssl version
OpenSSL 1.1.1c FIPS  28 May 2019

您使用了錯誤的指令

proxy_ssl_protocols

啟用對代理 HTTPS 伺服器的請求的指定協議。

當你應該使用

ssl_protocols

啟用指定的協議。

引用自：https://serverfault.com/questions/1032745