Possible Bug: TLS 1.3 not available with NGINX

Jun 7, 2019
11
1
3
United States
cPanel Access Level
Root Administrator
An online security checking website finds that my VPS site supports TLS 1.2, but not TLS 1.3. When I pull up my site's home page in Firefox, click on the lock icon, click on "Connection Secure", then on "More Information", under "Technical Details" it does indeed show encryption with TLS 1.2. I'd like to get TLS 1.3 working.
The protocol can be changed from Home > Service Configuration > Apache Configuration > Global Configuration under "SSL/TLS Protocols". I've tried changing the protocol to +TLSv1.2 +TLSv1.3, and also switching the order, +TLSv1.3 +TLSv1.2. Finally, I decided to press the matter and enter just +TLSv1.3. After saving the configuration, and clicking the button to reconfigure and restart Apache, I go to my home page, reload it, and get an error: 502 bad gateway NGINX. (The NGINX is on a separate line on that page.)

I go back to the Global Configuration page and change the "3" to "2", so that the protocol is +TLSv1.2, and try again. My home page loads as expected.

I suspect this is related to recently adding the NGINX page compression, which was an option in a recent update.

Can anyone else reproduce this? My system is using Centos 7.9, the latest update installed is 96.0.9. The nameserver is BIND (not that that should matter).

Thanks,

Chris
 

cPJustinD

Administrator
Staff member
Jan 12, 2021
160
26
93
Houston
cPanel Access Level
Root Administrator
Hello ! I could not reproduce this in my test environment (CentOS 7.9, cP v11.96.0.9, BIND), although that may be due to some possible differences in configurations between our environments. I think it would be best to open a support ticket so that our analysts can review the issue more on y9our server more thoroughly and determine what exactly is occurring. You can submit a support request using the "Submit a ticket" link in my signature below.

Please be sure to link this thread when opening the ticket and provide the ticket number here so that we can track the issue appropriately. If possible, please post the resolution on this thread as it may help other community members with similar issues.