I can confirm that it does work as expected with package 1.14.0-0ubuntu1.3 from bionic-proposed. I tested on my personal site.

Before (1.2 and 1.3 work despite 1.3 not being explicitly enabled):

$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_3 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

# apt-get dist-upgrade
Calculating upgrade... Done
The following packages will be upgraded:
libnginx-mod-http-geoip (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
libnginx-mod-http-image-filter (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
libnginx-mod-http-xslt-filter (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
libnginx-mod-mail (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
libnginx-mod-stream (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
nginx-common (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)
nginx-core (1.14.0-0ubuntu1.2 => 1.14.0-0ubuntu1.3)

After (only 1.2 works == bug fixed):

$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_3 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, (NONE), Cipher is (NONE)

After the update and manually enabling TLS 1.3 (1.2 and 1.3 work):

$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_2 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
$ echo q | openssl s_client -connect sdeziel.info:443 -tls1_3 -no_ign_eof 2>/dev/null | grep 'Cipher is'
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384