I decided to trade my perfect 100% SSL Labs score with activating TLS1.3 on my website. Not that any of this matter, since this is a static blog. The good news is that AES256 is privileged over AES128 in the cipher suite order.
TLS_AES_256_GCM_SHA384 (0x1302) ECDH secp384r1 (eq. 7680 bits RSA) TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH secp384r1 (eq. 7680 bits RSA) TLS_AES_128_GCM_SHA256 (0x1301) ECDH secp384r1 (eq. 7680 bits RSA)
Activating TLSv1.3 on Nginx is trivial and done by adding
TLSv1.3 in front on
TLSv1.2 for the
ssl_protocols TLSv1.3 TLSv1.2;
And don’t fortget to
service nginx restart your server.