In ssl_manager_openssl.cpp, the OpenSSL API SSL_CTX_set_cipher_list() only works for TLSv1.2 and below.
If user configures TLSv1.3 only, SSL_CTX_set_cipher_list() returns 0 and causes an error: "Can not set supported cipher suites: "
The related API for TLSv1.3 is SSL_CTX_set_ciphersuites().
Reference: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html
- is documented by
-
DOCS-13767 [Server] Setting cipher list does not work for TLSv1.3 only (if TLS1_0, TLS1_1, TLS1_2 are disabled) (SERVER-48774)
- Closed