What is the domain name?
Have you searched for an answer?
yes
Please share your search results url:
When you tested your domain, what were the results?
www.ssllabs.com/ssltest/analyze.html?d=www.anahatatantra.com&s=172.67.141.243
The results were: Grade B. Stll supporting 1 and 1.1
Describe the issue you are having:
Even though I removed the old tls support from the nginx config and added support for 1.3, I see in the ssllabs that 1.3 was added and it is now supported, but still 1 and 1.1 are supported.
I think it may be realated to cloudflare, because if I test the domain:
openssl s_client -connect anahatatantra.com:443 -tls1
openssl s_client -connect anahatatantra.com:443 -tls1_1
openssl s_client -connect anahatatantra.com:443 -tls1_2
openssl s_client -connect anahatatantra.com:443 -tls1_3
Only the last two connect which is right.
Here are the configs that are in the server (as per mozilla):
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;|
Any idea what can be wrong?