How to enable TLS 1.3 in nginx nextcloud.conf?

I got nextcloud.conf from this guide

Added

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;

And it didn’t work

Deleted and added

 ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

And didn’t work and I saw only TLS 1.2

Let’s enrypt btw. Having cloudflare it’s easy to set TLS 1.3

So any idea? Thank you

The configuration problem has nothing to do with Nextcloud and is a general Nginx specific issue. Therefore you should ask aunt G. for an answer, e.g.

https://debianforum.de/forum/viewtopic.php?t=176956

1 Like

I did what in the fisrt guide has been told but still see tls 1.2 in my browser. The same browser shows me tls 1.3 on letsencrypt site.

I would use this https://www.ssllabs.com/ssltest/ site to test my webpage.

As j-ed wrote, this is actually the wrong forum for these kind of questions.
But because we are willing to help anyway we must ask you to provide more information about your system then.

In order to use TLS/ SSL encryption, an additional program is required: for example openssl (https://www.openssl.org/). And if you want to use TLSv1.3 both applications - the webserver and the encryption program like openssl - need to support TLSv1.3.

Therefore, please check:

  • if you have openssl or another application for encryption installed
  • which versions for nginx and “openssl” are installed
  • if these versions support TLSv1.3

Here what is working for me:
nginx.conf:

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_ecdh_curve X448:X25519:secp384r1:secp521r1;
    ssl_prefer_server_ciphers on;

nginx 1.18.0
openssl 1.1.1h

3 Likes